While many attacks are distributed across botnets, investigators and network operators have recently targeted malicious networks through high-profile autonomous system (AS) de-peerings and network shutdowns. In this paper, we explore whether some ASes are indeed safe havens for malicious activity. We look for ISPs and ASes that exhibit disproportionately high malicious behavior using 12 popular blacklists. We find that some ASes have over 80% of their routable IP address space blacklisted and others account for large fractions of blacklisted IPs. Overall, we conclude that examining malicious activity at the AS granularity can unearth networks with lax security or those that harbor cybercrime.