TY - GEN
T1 - Re-wiring activity of malicious networks
AU - Konte, Maria
AU - Feamster, Nick
PY - 2012
Y1 - 2012
N2 - This paper studies the AS-level re-wiring dynamics (changes in the connectivity) of malicious networks. Anecdotal evidence suggests that some malicious ASes that are primarily involved in nefarious activities on the Internet, were sequentially de-peered by providers before their final cut-off (as occurred in the well-publicized cases of Atrivo/Intercage). We present the first systematic study of the re-wiring dynamics of malicious ASes. We tracked the ASes that were listed by Hostexploit over the last two years and compared their AS-level re-wiring dynamics with non-reported ASes. Using a publicly available dataset of Customer-Provider (CP) relations in the Internet's AS graph, we studied how interconnection between autonomous systems evolves, both for ASes that provide connectivity for attackers and ASes that were not reported as malicious. We find that malicious networks are more aggressive both in forming links with providers and changing their upstream connectivity than other ASes. Our results indicate that the re-wiring dynamics of the networks that host attacks are stable over time, despite the evolving nature of the attacks themselves, which suggests that existing defense mechanisms could benefit from incorporating these features.
AB - This paper studies the AS-level re-wiring dynamics (changes in the connectivity) of malicious networks. Anecdotal evidence suggests that some malicious ASes that are primarily involved in nefarious activities on the Internet, were sequentially de-peered by providers before their final cut-off (as occurred in the well-publicized cases of Atrivo/Intercage). We present the first systematic study of the re-wiring dynamics of malicious ASes. We tracked the ASes that were listed by Hostexploit over the last two years and compared their AS-level re-wiring dynamics with non-reported ASes. Using a publicly available dataset of Customer-Provider (CP) relations in the Internet's AS graph, we studied how interconnection between autonomous systems evolves, both for ASes that provide connectivity for attackers and ASes that were not reported as malicious. We find that malicious networks are more aggressive both in forming links with providers and changing their upstream connectivity than other ASes. Our results indicate that the re-wiring dynamics of the networks that host attacks are stable over time, despite the evolving nature of the attacks themselves, which suggests that existing defense mechanisms could benefit from incorporating these features.
UR - http://www.scopus.com/inward/record.url?scp=84859083474&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84859083474&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-28537-0_12
DO - 10.1007/978-3-642-28537-0_12
M3 - Conference contribution
AN - SCOPUS:84859083474
SN - 9783642285363
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 116
EP - 125
BT - Passive and Active Measurement - 13th International Conference, PAM 2012, Proceedings
T2 - 13th International Conference on Passive and Active Measurement, PAM 2012
Y2 - 12 March 2012 through 14 March 2012
ER -