By Topic

Abnormally Malicious Autonomous Systems and Their Internet Connectivity

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Shue, C.A. ; Cyberspace Sci. & Inf. Intell. Res. Group, Oak Ridge Nat. Lab., Oak Ridge, TN, USA ; Kalafut, A.J. ; Gupta, M.

While many attacks are distributed across botnets, investigators and network operators have recently identified malicious networks through high profile autonomous system (AS) depeerings and network shutdowns. In this paper, we explore whether some ASs indeed are safe havens for malicious activity. We look for ISPs and ASs that exhibit disproportionately high malicious behavior using 10 popular blacklists, plus local spam data, and extensive DNS resolutions based on the contents of the blacklists. We find that some ASs have over 80% of their routable IP address space blacklisted. Yet others account for large fractions of blacklisted IP addresses. Several ASs regularly peer with ASs associated with significant malicious activity. We also find that malicious ASs as a whole differ from benign ones in other properties not obviously related to their malicious activities, such as more frequent connectivity changes with their BGP peers. Overall, we conclude that examining malicious activity at AS granularity can unearth networks with lax security or those that harbor cybercrime.

Published in:

Networking, IEEE/ACM Transactions on  (Volume:20 ,  Issue: 1 )