Internet Bad Neighborhoods Aggregation

Giovane Moreira Moura, R. Sadre, Anna Sperotto, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    9 Citations (Scopus)
    56 Downloads (Pure)


    Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.
    Original languageUndefined
    Title of host publicationProceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012)
    EditorsL. Paschoal Gaspary, Filip De Turk
    Place of PublicationUSA
    Number of pages8
    ISBN (Print)978-1-4673-0269-2
    Publication statusPublished - Apr 2012
    Event13th IEEE/IFIP Network Operations and Management Symposium, NOMS 2012 - Maui, United States
    Duration: 16 Apr 201220 Apr 2012
    Conference number: 13

    Publication series

    PublisherIEEE Communications Society


    Conference13th IEEE/IFIP Network Operations and Management Symposium, NOMS 2012
    Abbreviated titleNOMS 2012
    Country/TerritoryUnited States
    Internet address


    • IR-79352
    • EWI-21235
    • EC Grant Agreement nr.: FP7/257513
    • METIS-284989

    Cite this