Abstract
Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.
| Original language | Undefined |
|---|---|
| Title of host publication | Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012) |
| Editors | L. Paschoal Gaspary, Filip De Turk |
| Place of Publication | USA |
| Publisher | IEEE Communications Society |
| Pages | 343-350 |
| Number of pages | 8 |
| ISBN (Print) | 978-1-4673-0269-2 |
| DOIs | |
| Publication status | Published - Apr 2012 |
| Event | 13th IEEE/IFIP Network Operations and Management Symposium, NOMS 2012 - Maui, United States Duration: 16 Apr 2012 → 20 Apr 2012 Conference number: 13 http://noms2012.ieee-noms.org/ |
Publication series
| Name | |
|---|---|
| Publisher | IEEE Communications Society |
| Volume | 1 |
Conference
| Conference | 13th IEEE/IFIP Network Operations and Management Symposium, NOMS 2012 |
|---|---|
| Abbreviated title | NOMS 2012 |
| Country | United States |
| City | Maui |
| Period | 16/04/12 → 20/04/12 |
| Internet address |
Keywords
- IR-79352
- EWI-21235
- EC Grant Agreement nr.: FP7/257513
- METIS-284989