@inproceedings{314f2cdc85754ca1be8ddcb05263a36b,
title = "Internet bad neighborhoods temporal behavior",
abstract = "Malicious hosts tend to be concentrated in certain areas of the IP addressing space, forming the so-called Bad Neighborhoods. Knowledge about this concentration is valuable in predicting attacks from unseen IP addresses. This observation has been employed in previous works to filter out spam. In this paper, we focus on the temporal behavior of bad neighborhoods. The goal is to determine if bad neighborhoods strike multiple times over a certain period of time, and if so, when do the attacks occur. Among other findings, we show that even though bad neighborhoods do not exhibit a favorite combination of days to carry out attacks, 85% of the recurrent bad neighborhoods do carry out a second attack within the first 5 days from the first attack. These and the other findings here presented lead to several considerations on how attack prediction models can be more effective i.e., generating both predictive and short neighborhood blacklists.",
author = "Moura, {Giovane C M} and Ramin Sadre and Aiko Pras",
year = "2014",
month = jan,
day = "1",
doi = "10.1109/NOMS.2014.6838306",
language = "English",
isbn = "978-1-4799-0913-1",
series = "I E E E - I F I P Network Operations and Management Symposium",
publisher = "IEEE Computer Society Press",
pages = "1--9",
booktitle = "IEEE/IFIP NOMS 2014 - IEEE/IFIP Network Operations and Management Symposium: Management in a Software Defined World",
address = "United States",
note = "2014 IEEE Network Operations and Management Symposium ; Conference date: 05-05-2014 Through 09-05-2014",
}