Malicious Hubs: Detecting Abnormally Malicious Autonomous Systems

@article{Kalafut2010MaliciousHD,
  title={Malicious Hubs: Detecting Abnormally Malicious Autonomous Systems},
  author={Andrew J. Kalafut and Craig A. Shue and Minaxi Gupta},
  journal={2010 Proceedings IEEE INFOCOM},
  year={2010},
  pages={1-5}
}
While many attacks are distributed across botnets, investigators and network operators have recently targeted malicious networks through high profile autonomous system (AS) de-peerings and network shut-downs. In this paper, we explore whether some ASes indeed are safe havens for malicious activity. We look for ISPs and ASes that exhibit disproportionately high malicious behavior using 12 popular blacklists. We find that some ASes have over 80% of their routable IP address space blacklisted and…

Citations

Publications citing this paper.

A Reputation-Based Method to Secure Inter-Domain Routing

  • 2013 IEEE 10th International Conference on High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing
  • 2013

Identification and Evaluation of Discriminative Lexical Features of Malware URL for Real-Time Classification

  • 2016 International Conference on Computer and Communication Engineering (ICCCE)
  • 2016

References

Publications referenced by this paper.

PhishTank

OpenDNS
  • http://www.phishtank.com/.

SBL

Spamhaus Project
  • http://www.spamhaus.org/sbl/index.lasso.

XBL

Spamhaus Project
  • http://www.spamhaus.org/xbl/index.lasso.

Anti-phishing working group

APWG
  • http://www.antiphishing.org/.

Malwarepatrol - malware block list

MalwarePatrol
  • http://www.malwarepatrol.net/lists.shtml.

Bad seed ISP Atrivo cut off from rest of the Internet

J. Hruska
  • 2008. [Online]. Available: http://arstechnica.com/security/news/2008/09/bad-seed-isp-atrivo-cut-off-from-rest-of-the-inte r t.ars
  • 2008

FTC forces hive of scum and villainy ISP offline

J. Cheng
  • 2009. [Online]. Available: http://arstechnica.com/tech-policy/news/2009/06/ftc-forces-hive-of-scum-and-villainy-isp-offline.ars
  • 2009