Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection

Giovane Moreira Moura; Anna Sperotto; R. Sadre; Aiko Pras

Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection

Giovane Moreira Moura, Anna Sperotto, R. Sadre, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

12 Citations (Scopus)

87 Downloads (Pure)

Abstract

The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrate in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam. One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.

Original language	Undefined
Title of host publication	Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013
Editors	C. Seon Hong, Y. Diao, F. De Turk
Place of Publication	USA
Publisher	IEEE
Pages	252-259
Number of pages	8
ISBN (Print)	978-1-4673-5229-1
Publication status	Published - May 2013
Event	13th IFIP/IEEE International Symposium on Integrated Network Management, IM 2013 - Ghent, Belgium Duration: 27 May 2013 → 31 May 2013 Conference number: 13 http://dl.ifip.org/db/conf/im/im2013/index.html

Publication series

Name
Publisher	IEEE Communications Society

Conference

Conference	13th IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
Abbreviated title	IM 2013
Country/Territory	Belgium
City	Ghent
Period	27/05/13 → 31/05/13
Internet address	http://dl.ifip.org/db/conf/im/im2013/index.html

Keywords

EWI-22957
IR-84179
METIS-296249

Access to Document

CR
CR

http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6572993

Cite this

@inproceedings{310545e55679490c88c0ae88d8790c6f,

title = "Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection",

abstract = "The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrate in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam. One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.",

keywords = "EWI-22957, IR-84179, METIS-296249",

author = "{Moreira Moura}, Giovane and Anna Sperotto and R. Sadre and Aiko Pras",

year = "2013",

month = may,

language = "Undefined",

isbn = "978-1-4673-5229-1",

publisher = "IEEE",

pages = "252--259",

editor = "{Seon Hong}, C. and Y. Diao and {De Turk}, F.",

booktitle = "Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013",

note = "null ; Conference date: 27-05-2013 Through 31-05-2013",

url = "http://dl.ifip.org/db/conf/im/im2013/index.html",

}

Moreira Moura, G, Sperotto, A, Sadre, R & Pras, A 2013, Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection. in C Seon Hong, Y Diao & F De Turk (eds), Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013. IEEE, USA, pp. 252-259, 13th IFIP/IEEE International Symposium on Integrated Network Management, IM 2013, Ghent, Belgium, 27/05/13. <http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6572993>

Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection. / Moreira Moura, Giovane; Sperotto, Anna; Sadre, R. et al.

Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013. ed. / C. Seon Hong; Y. Diao; F. De Turk. USA : IEEE, 2013. p. 252-259.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection

AU - Moreira Moura, Giovane

AU - Sperotto, Anna

AU - Sadre, R.

AU - Pras, Aiko

N1 - Conference code: 13

PY - 2013/5

Y1 - 2013/5

N2 - The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrate in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam. One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.

AB - The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrate in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam. One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.

KW - EWI-22957

KW - IR-84179

KW - METIS-296249

M3 - Conference contribution

SN - 978-1-4673-5229-1

SP - 252

EP - 259

BT - Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013

A2 - Seon Hong, C.

A2 - Diao, Y.

A2 - De Turk, F.

PB - IEEE

CY - USA

Y2 - 27 May 2013 through 31 May 2013

ER -