EEMCS EPrints Service
Moreira Moura, G.C. and Sadre, R. and Sperotto, A. and Pras, A. (2012) Internet Bad Neighborhoods Aggregation. In: Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS 2012), 16-20 Apr 2012, Maui, Hawaii, USA. pp. 343-350. IEEE Communications Society. ISBN 978-1-4673-0269-2
Full text available as:
Official URL: http://dx.doi.org/10.1109/NOMS.2012.6211917
Internet Bad Neighborhoods have proven to be an innovative approach for fighting spam. They have also helped to understand how spammers are distributed on the Internet. In our previous works, the size of each bad neighborhood was fixed to a /24 subnetwork. In this paper, however, we investigate if it is feasible to aggregate Internet bad neighborhoods not only at /24, but to any network prefix. To do that, we propose two different aggregation strategies: fixed prefix and variable prefix. The motivation for doing that is to reduce the number of entries in the bad neighborhood list, thus reducing memory storage requirements for intrusion detection solutions. We also introduce two error measures that allow to quantify how much error was incurred by the aggregation process. An evaluation of both strategies was conducted by analyzing real world data in our aggregation prototype.
Export this item as:
To correct this item please ask your editor
Repository Staff Only: edit this item