Internet Bad Neighborhoods Aggregation

Giovane Moreira Moura; R. Sadre; Anna Sperotto; Aiko Pras

doi:10.1109/NOMS.2012.6211917

Internet Bad Neighborhoods Aggregation

Giovane Moreira Moura, R. Sadre, Anna Sperotto, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations

Abstract

Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.

Language	Undefined
Title of host publication	Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012)
Editors	L. Paschoal Gaspary, Filip De Turk
Place of Publication	USA
Publisher	IEEE Communications Society
Pages	343-350
Number of pages	8
ISBN (Print)	978-1-4673-0269-2
DOIs	10.1109/NOMS.2012.6211917
State	Published - Apr 2012
Event	13th IEEE/IFIP Network Operations and Management Symposium 2012 - Maui, United States Duration: 16 Apr 2012 → 20 Apr 2012 Conference number: 13 http://noms2012.ieee-noms.org/

Publication series

Name
Publisher	IEEE Communications Society
Volume	1

Conference

Conference	13th IEEE/IFIP Network Operations and Management Symposium 2012
Abbreviated title	NOMS 2012
Country	United States
City	Maui
Period	16/04/12 → 20/04/12
Internet address	http://noms2012.ieee-noms.org/

Keywords

IR-79352
EWI-21235
EC Grant Agreement nr.: FP7/257513
METIS-284989

Cite this

Moreira Moura, G., Sadre, R., Sperotto, A., & Pras, A. (2012). Internet Bad Neighborhoods Aggregation. In L. Paschoal Gaspary, & F. De Turk (Eds.), Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012) (pp. 343-350). USA: IEEE Communications Society. DOI: 10.1109/NOMS.2012.6211917

Moreira Moura, Giovane ; Sadre, R. ; Sperotto, Anna ; Pras, Aiko. / Internet Bad Neighborhoods Aggregation. Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012). editor / L. Paschoal Gaspary ; Filip De Turk. USA : IEEE Communications Society, 2012. pp. 343-350

@inproceedings{7657bc40b40d4c43a97ffdb35988a8d6,

title = "Internet Bad Neighborhoods Aggregation",

abstract = "Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.",

keywords = "IR-79352, EWI-21235, EC Grant Agreement nr.: FP7/257513, METIS-284989",

author = "{Moreira Moura}, Giovane and R. Sadre and Anna Sperotto and Aiko Pras",

year = "2012",

month = "4",

doi = "10.1109/NOMS.2012.6211917",

language = "Undefined",

isbn = "978-1-4673-0269-2",

publisher = "IEEE Communications Society",

pages = "343--350",

editor = "{Paschoal Gaspary}, L. and {De Turk}, Filip",

booktitle = "Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012)",

address = "United States",

}

Moreira Moura, G, Sadre, R, Sperotto, A & Pras, A 2012, Internet Bad Neighborhoods Aggregation. in L Paschoal Gaspary & F De Turk (eds), Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012). IEEE Communications Society, USA, pp. 343-350, 13th IEEE/IFIP Network Operations and Management Symposium 2012, Maui, United States, 16/04/12. DOI: 10.1109/NOMS.2012.6211917

Internet Bad Neighborhoods Aggregation. / Moreira Moura, Giovane; Sadre, R.; Sperotto, Anna ; Pras, Aiko.

Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012). ed. / L. Paschoal Gaspary; Filip De Turk. USA : IEEE Communications Society, 2012. p. 343-350.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Internet Bad Neighborhoods Aggregation

AU - Moreira Moura,Giovane

AU - Sadre,R.

AU - Sperotto,Anna

AU - Pras,Aiko

PY - 2012/4

Y1 - 2012/4

N2 - Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.

AB - Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.

KW - IR-79352

KW - EWI-21235

KW - EC Grant Agreement nr.: FP7/257513

KW - METIS-284989

U2 - 10.1109/NOMS.2012.6211917

DO - 10.1109/NOMS.2012.6211917

M3 - Conference contribution

SN - 978-1-4673-0269-2

SP - 343

EP - 350

BT - Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012)

PB - IEEE Communications Society

CY - USA

ER -

Moreira Moura G, Sadre R, Sperotto A , Pras A. Internet Bad Neighborhoods Aggregation. In Paschoal Gaspary L, De Turk F, editors, Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012). USA: IEEE Communications Society. 2012. p. 343-350. Available from, DOI: 10.1109/NOMS.2012.6211917

Access to Document

10.1109/NOMS.2012.6211917

noms2012
open