  • DocumentCode
    2262569
  • Title
    Internet bad neighborhoods aggregation
  • Author
    Moura, Giovane C M ; Sadre, Ramin ; Sperotto, Anna ; Pras, Aiko
  • Author_Institution
    Centre for Telematics & Inf. Technol. (CTIT), Univ. of Twente, Enschede, Netherlands
  • fYear
    2012
  • fDate
    16-20 April 2012
  • Firstpage
    343
  • Lastpage
    350
  • Abstract
    Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow us to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real-world data in our aggregation prototype.
  • Keywords
    Internet; computer network security; unsolicited e-mail; /24 subnetwork; Internet bad neighborhood aggregation; aggregation prototype; aggregation strategies; innovative approach; intrusion detection solutions; memory storage requirements; network prefix; spam fighting; Aggregates; IP networks; Internet; Measurement; Merging; Security; Unsolicited electronic mail;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network Operations and Management Symposium (NOMS), 2012 IEEE
  • Conference_Location
    Maui, HI
  • ISSN
    1542-1201
  • Print_ISBN
    978-1-4673-0267-8
  • Electronic_ISBN
    1542-1201
  • Type
    conf
  • DOI
    10.1109/NOMS.2012.6211917
  • Filename
    6211917