Reference : ASMATRA: Ranking ASs Providing Transit Service to Malware Hosters
Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/28416
ASMATRA: Ranking ASs Providing Transit Service to Malware Hosters
English
Wagner, Cynthia [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
François, Jérôme mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
State, Radu mailto [Computer Incident Response Center Luxembourg, Luxembourg]
Dulaunoy, Alexandre [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) > ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Engel, Thomas mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Massen, Gilles [> >]
2013
IFIP/IEEE International Symposium on Integrated Network Management IM2013
IEEE
1-9
Yes
International
IFIP/IEEE International Symposium on Integrated Network Management IM2013
27-31 May 2013
Ghent
Belgium
[en] DNS ; AS graphs ; BGP Ranking ; PageRank algorithm
[en] The Internet has grown into an enormous network offering a variety of services, which are spread over a multitude of domains. BGP-routing and Autonomous Systems (AS) are the key components for maintaining high connectivity in the Internet. Unfortunately, Internet Service Providers (ISPs) operating ASs do not only host normal users and content, but also malicious content used by attackers for spreading malware, hosting phishing web-sites or performing any kind of fraudulent activity. Practical analysis shows that such malware-providing ASs prevent themselves from being de-peered by hiding behind other ASs, which do not host the malware themselves but simply provide transit service for malware. This paper presents a new method for detecting ASs that provide transit service for malware hosters, without being malicious themselves. A formal definition of the problem and the metrics are determined by using the AS graph. The PageRank algorithm is applied to improve the scalability and the completeness of the approach. The method is assessed on real and publicly available datasets, showing promising results.
http://hdl.handle.net/10993/28416

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Limited access
06572994.pdfPublisher postprint507.2 kBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.