Taking on Internet Bad Neighborhoods

Giovane Moreira Moura; R. Sadre; Aiko Pras

doi:10.1109/NOMS.2014.6838284

Taking on Internet Bad Neighborhoods

Giovane Moreira Moura, R. Sadre, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

32 Downloads (Pure)

Abstract

It’s known fact that malicious IP addresses are not evenly distributed over the IP addressing space. In this paper, we frame networks concentrating malicious addresses as bad neighborhoods. We propose a formal definition and show this concentration can be used to predict future attacks (new spamming sources, in our case), and propose an algorithm to aggregate individual IP addresses can bigger neighborhoods. Moreover, we show how bad neighborhoods are specific according to the exploited application (e.g., spam, ssh) and how the performance of different blacklist sources impacts lightweight spam filtering algorithms.

Original language	Undefined
Title of host publication	Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS 2014)
Place of Publication	USA
Publisher	IEEE Communications Society
Pages	1-7
Number of pages	7
ISBN (Print)	978-1-4799-0913-1
DOIs	https://doi.org/10.1109/NOMS.2014.6838284
Publication status	Published - 5 May 2014
Event	14th IEEE/IFIP Network Operations and Management Symposium, NOMS 2014 - Radisson Park Inn, Krakow, Poland Duration: 5 May 2014 → 9 May 2014 Conference number: 14 http://noms2014.ieee-noms.org/

Publication series

Name
Publisher	IEEE Communications Society

Conference

Conference	14th IEEE/IFIP Network Operations and Management Symposium, NOMS 2014
Abbreviated title	NOMS 2014
Country/Territory	Poland
City	Krakow
Period	5/05/14 → 9/05/14
Internet address	http://noms2014.ieee-noms.org/

Keywords

EWI-25864
METIS-310013
IR-95237

Access to Document

10.1109/NOMS.2014.6838284

2014-NOMS-2

Cite this

@inproceedings{c435d3fc5e3d498ca768fffa8c08f07b,

title = "Taking on Internet Bad Neighborhoods",

abstract = "It{\textquoteright}s known fact that malicious IP addresses are not evenly distributed over the IP addressing space. In this paper, we frame networks concentrating malicious addresses as bad neighborhoods. We propose a formal definition and show this concentration can be used to predict future attacks (new spamming sources, in our case), and propose an algorithm to aggregate individual IP addresses can bigger neighborhoods. Moreover, we show how bad neighborhoods are specific according to the exploited application (e.g., spam, ssh) and how the performance of different blacklist sources impacts lightweight spam filtering algorithms.",

keywords = "EWI-25864, METIS-310013, IR-95237",

author = "{Moreira Moura}, Giovane and R. Sadre and Aiko Pras",

note = "10.1109/NOMS.2014.6838284 ; null ; Conference date: 05-05-2014 Through 09-05-2014",

year = "2014",

month = may,

day = "5",

doi = "10.1109/NOMS.2014.6838284",

language = "Undefined",

isbn = "978-1-4799-0913-1",

publisher = "IEEE Communications Society",

pages = "1--7",

booktitle = "Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS 2014)",

address = "United States",

url = "http://noms2014.ieee-noms.org/",

}

TY - GEN

T1 - Taking on Internet Bad Neighborhoods

AU - Moreira Moura, Giovane

AU - Sadre, R.

AU - Pras, Aiko

N1 - Conference code: 14

PY - 2014/5/5

Y1 - 2014/5/5

N2 - It’s known fact that malicious IP addresses are not evenly distributed over the IP addressing space. In this paper, we frame networks concentrating malicious addresses as bad neighborhoods. We propose a formal definition and show this concentration can be used to predict future attacks (new spamming sources, in our case), and propose an algorithm to aggregate individual IP addresses can bigger neighborhoods. Moreover, we show how bad neighborhoods are specific according to the exploited application (e.g., spam, ssh) and how the performance of different blacklist sources impacts lightweight spam filtering algorithms.

AB - It’s known fact that malicious IP addresses are not evenly distributed over the IP addressing space. In this paper, we frame networks concentrating malicious addresses as bad neighborhoods. We propose a formal definition and show this concentration can be used to predict future attacks (new spamming sources, in our case), and propose an algorithm to aggregate individual IP addresses can bigger neighborhoods. Moreover, we show how bad neighborhoods are specific according to the exploited application (e.g., spam, ssh) and how the performance of different blacklist sources impacts lightweight spam filtering algorithms.

KW - EWI-25864

KW - METIS-310013

KW - IR-95237

U2 - 10.1109/NOMS.2014.6838284

DO - 10.1109/NOMS.2014.6838284

M3 - Conference contribution

SN - 978-1-4799-0913-1

SP - 1

EP - 7

BT - Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS 2014)

PB - IEEE Communications Society

CY - USA

Y2 - 5 May 2014 through 9 May 2014

ER -