Article thumbnail

How dynamic are ip addresses

By Yinglian Xie, Fang Yu, Kannan Achan, Eliot Gillum, Moises Goldszmidt and Ted Wobber


This paper introduces a novel algorithm, UDmap, to identify dynamically assigned IP addresses and analyze their dynamics pattern. UDmap is fully automatic, and relies only on applicationlevel server logs. We applied UDmap to a month-long Hotmail user-login trace and identified a significant number of dynamic IP addresses – more than 102 million. This suggests that the fraction of IP addresses that are dynamic is by no means negligible. Using this information in combination with a three-month Hotmail email server log, we were able to establish that 95.6 % of mail servers setup on the dynamic IP addresses in our trace sent out solely spam emails. Moreover, these mail servers sent out a large amount of spam – amounting to 42.2 % of all spam emails received by Hotmail. These results highlight the importance of being able to accurately identify dynamic IP addresses for spam filtering. We expect similar benefits to arise for phishing site identification and botnet detection. To our knowledge, this is the first successful attempt to automatically identify and understand IP address dynamics

Topics: Networks, General—security and protection General Terms Algorithms, Measurement, Security Keywords DHCP, dynamic IP addresses, IP volatility, entropy, spam detection
Publisher: ACM
Year: 2007
DOI identifier: 10.1145/1282427.1282415
OAI identifier: oai:CiteSeerX.psu:
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • (external link)
  • (external link)
  • Suggested articles

    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.