Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

21235 Internet Bad Neighborhoods Aggregation
Home Policy Brochure Browse Search User Area Contact Help

Moreira Moura, G.C. and Sadre, R. and Sperotto, A. and Pras, A. (2012) Internet Bad Neighborhoods Aggregation. In: Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012), 16-20 Apr 2012, Maui, Hawaii, USA. pp. 343-350. IEEE Communications Society. ISBN 978-1-4673-0269-2

Full text available as:


211 Kb
Open Access

Official URL:

Exported to Metis


Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-DACS: Design and Analysis of Communication Systems
Research Program:CTIT-DSN: Dependable Systems and Networks
Research Project:UNIVERSELF: Universal Self-management
ID Code:21235
Deposited On:17 January 2012
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item