Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection

Giovane Moreira Moura, Anna Sperotto, R. Sadre, Aiko Pras

  • 7 Citations

Abstract

The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrate in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam. One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.
Original languageUndefined
Title of host publicationProceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013
EditorsC. Seon Hong, Y. Diao, F. De Turk
Place of PublicationUSA
PublisherIEEE Communications Society
Pages252-259
Number of pages8
ISBN (Print)978-1-4673-5229-1
StatePublished - May 2013
Event13th IFIP/IEEE International Symposium on Integrated Network Management, IM 2013 - Ghent, Belgium

Publication series

Name
PublisherIEEE Communications Society

Conference

Conference13th IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
Abbreviated titleIM 2013
CountryBelgium
CityGhent
Period27/05/1331/05/13
Internet address

Fingerprint

Servers

Keywords

  • EWI-22957
  • IR-84179
  • METIS-296249

Cite this

Moreira Moura, G., Sperotto, A., Sadre, R., & Pras, A. (2013). Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection. In C. Seon Hong, Y. Diao, & F. De Turk (Eds.), Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013 (pp. 252-259). USA: IEEE Communications Society.

Moreira Moura, Giovane; Sperotto, Anna; Sadre, R.; Pras, Aiko / Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection.

Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013. ed. / C. Seon Hong; Y. Diao; F. De Turk. USA : IEEE Communications Society, 2013. p. 252-259.

Research output: Scientific - peer-reviewConference contribution

@inbook{310545e55679490c88c0ae88d8790c6f,
title = "Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection",
abstract = "The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrate in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam. One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.",
keywords = "EWI-22957, IR-84179, METIS-296249",
author = "{Moreira Moura}, Giovane and Anna Sperotto and R. Sadre and Aiko Pras",
year = "2013",
month = "5",
isbn = "978-1-4673-5229-1",
publisher = "IEEE Communications Society",
pages = "252--259",
editor = "{Seon Hong}, C. and Y. Diao and {De Turk}, F.",
booktitle = "Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013",
address = "United States",

}

Moreira Moura, G, Sperotto, A, Sadre, R & Pras, A 2013, Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection. in C Seon Hong, Y Diao & F De Turk (eds), Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013. IEEE Communications Society, USA, pp. 252-259, 13th IFIP/IEEE International Symposium on Integrated Network Management, IM 2013, Ghent, Belgium, 27-31 May.

Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection. / Moreira Moura, Giovane; Sperotto, Anna; Sadre, R.; Pras, Aiko.

Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013. ed. / C. Seon Hong; Y. Diao; F. De Turk. USA : IEEE Communications Society, 2013. p. 252-259.

Research output: Scientific - peer-reviewConference contribution

TY - CHAP

T1 - Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection

AU - Moreira Moura,Giovane

AU - Sperotto,Anna

AU - Sadre,R.

AU - Pras,Aiko

PY - 2013/5

Y1 - 2013/5

N2 - The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrate in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam. One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.

AB - The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrate in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam. One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.

KW - EWI-22957

KW - IR-84179

KW - METIS-296249

M3 - Conference contribution

SN - 978-1-4673-5229-1

SP - 252

EP - 259

BT - Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013

PB - IEEE Communications Society

ER -

Moreira Moura G, Sperotto A, Sadre R, Pras A. Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection. In Seon Hong C, Diao Y, De Turk F, editors, Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013. USA: IEEE Communications Society. 2013. p. 252-259.