On inferring autonomous system relationships in the internet
IEEE/ACM Transactions on Networking (TON)
BGP routing stability of popular destinations
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement
Locating internet routing instabilities
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
AS relationships: inference and validation
ACM SIGCOMM Computer Communication Review
Accurate Real-time Identification of IP Prefix Hijacking
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Practical defenses against BGP prefix hijacking
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
iSPY: detecting IP prefix hijacking on my own
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
SS'08 Proceedings of the 17th conference on Security symposium
Dynamics of Online Scam Hosting Infrastructure
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Phishing Infrastructure Fluxes All the Way
IEEE Security and Privacy
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
First insights from a mobile honeypot
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
First insights from a mobile honeypot
ACM SIGCOMM Computer Communication Review - Special October issue SIGCOMM '12
Characterization of blacklists and tainted network traffic
PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
Driving in the cloud: an analysis of drive-by download operations and abuse reporting
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
While many attacks are distributed across botnets, investigators and network operators have recently identified malicious networks through high-profile autonomous system (AS) depeerings and network shutdowns. In this paper, we explore whether some ASs indeed are safe havens for malicious activity. We look for ISPs and ASs that exhibit disproportionately high malicious behavior using 10 popular blacklists, plus local spam data, and extensive DNS resolutions based on the contents of the blacklists. We find that some ASs have over 80% of their routable IP address space blacklisted, while others account for large fractions of all blacklisted IP addresses. Several ASs regularly peer with ASs associated with significant malicious activity. We also find that malicious ASs as a whole differ from benign ones in properties not obviously related to their malicious activity, such as more frequent connectivity changes with their BGP peers. Overall, we conclude that examining malicious activity at AS granularity can unearth networks with lax security or those that harbor cybercrime.