Abstract
Analogous to the real world, sources of malicious activities on the Internet tend to be concentrated in certain networks instead of being evenly distributed. In this article we formally define and frame such areas as Internet Bad Neighborhoods. By extending the reputation of malicious IP addresses to their neighbors, the bad neighborhood approach ultimately enables attack prediction from unforeseen addresses. We investigate spam and phishing bad neighborhoods, and show how their underlying business models, counter-intuitively, influences the location of the neighborhoods (both geographically and in the IP addressing space). We also show how bad neighborhoods are highly concentrated at a few Internet Service Providers and discuss how our findings can be employed to improve current network and spam filters and incentivize botnet mitigation initiatives.
| Originalsprog | Engelsk |
|---|---|
| Artikelnummer | 6852094 |
| Tidsskrift | IEEE Communications Magazine |
| Vol/bind | 52 |
| Udgave nummer | 7 |
| Sider (fra-til) | 132-139 |
| Antal sider | 8 |
| ISSN | 0163-6804 |
| DOI | |
| Status | Udgivet - jul. 2014 |