Internet Bad Neighborhoods Aggregation

Giovane Moreira Moura, R. Sadre, Anna Sperotto, Aiko Pras

Research output: Chapter in Book/Report/Conference proceedingConference contribution

  • 7 Citations

Abstract

Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.
LanguageUndefined
Title of host publicationProceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012)
EditorsL. Paschoal Gaspary, Filip De Turk
Place of PublicationUSA
PublisherIEEE Communications Society
Pages343-350
Number of pages8
ISBN (Print)978-1-4673-0269-2
DOIs
StatePublished - Apr 2012
Event13th IEEE/IFIP Network Operations and Management Symposium, NOMS 2012 - Maui, United States
Duration: 16 Apr 201220 Apr 2012
Conference number: 13
http://noms2012.ieee-noms.org/

Publication series

Name
PublisherIEEE Communications Society
Volume1

Conference

Conference13th IEEE/IFIP Network Operations and Management Symposium, NOMS 2012
Abbreviated titleNOMS 2012
CountryUnited States
CityMaui
Period16/04/1220/04/12
Internet address

Keywords

  • IR-79352
  • EWI-21235
  • EC Grant Agreement nr.: FP7/257513
  • METIS-284989

Cite this

Moreira Moura, G., Sadre, R., Sperotto, A., & Pras, A. (2012). Internet Bad Neighborhoods Aggregation. In L. Paschoal Gaspary, & F. De Turk (Eds.), Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012) (pp. 343-350). USA: IEEE Communications Society. DOI: 10.1109/NOMS.2012.6211917
Moreira Moura, Giovane ; Sadre, R. ; Sperotto, Anna ; Pras, Aiko. / Internet Bad Neighborhoods Aggregation. Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012). editor / L. Paschoal Gaspary ; Filip De Turk. USA : IEEE Communications Society, 2012. pp. 343-350
@inproceedings{7657bc40b40d4c43a97ffdb35988a8d6,
title = "Internet Bad Neighborhoods Aggregation",
abstract = "Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.",
keywords = "IR-79352, EWI-21235, EC Grant Agreement nr.: FP7/257513, METIS-284989",
author = "{Moreira Moura}, Giovane and R. Sadre and Anna Sperotto and Aiko Pras",
year = "2012",
month = "4",
doi = "10.1109/NOMS.2012.6211917",
language = "Undefined",
isbn = "978-1-4673-0269-2",
publisher = "IEEE Communications Society",
pages = "343--350",
editor = "{Paschoal Gaspary}, L. and {De Turk}, Filip",
booktitle = "Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012)",
address = "United States",

}

Moreira Moura, G, Sadre, R, Sperotto, A & Pras, A 2012, Internet Bad Neighborhoods Aggregation. in L Paschoal Gaspary & F De Turk (eds), Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012). IEEE Communications Society, USA, pp. 343-350, 13th IEEE/IFIP Network Operations and Management Symposium, NOMS 2012, Maui, United States, 16/04/12. DOI: 10.1109/NOMS.2012.6211917

Internet Bad Neighborhoods Aggregation. / Moreira Moura, Giovane; Sadre, R.; Sperotto, Anna; Pras, Aiko.

Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012). ed. / L. Paschoal Gaspary; Filip De Turk. USA : IEEE Communications Society, 2012. p. 343-350.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Internet Bad Neighborhoods Aggregation

AU - Moreira Moura,Giovane

AU - Sadre,R.

AU - Sperotto,Anna

AU - Pras,Aiko

PY - 2012/4

Y1 - 2012/4

N2 - Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.

AB - Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.

KW - IR-79352

KW - EWI-21235

KW - EC Grant Agreement nr.: FP7/257513

KW - METIS-284989

U2 - 10.1109/NOMS.2012.6211917

DO - 10.1109/NOMS.2012.6211917

M3 - Conference contribution

SN - 978-1-4673-0269-2

SP - 343

EP - 350

BT - Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012)

PB - IEEE Communications Society

CY - USA

ER -

Moreira Moura G, Sadre R, Sperotto A, Pras A. Internet Bad Neighborhoods Aggregation. In Paschoal Gaspary L, De Turk F, editors, Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012). USA: IEEE Communications Society. 2012. p. 343-350. Available from, DOI: 10.1109/NOMS.2012.6211917