Abstract
This paper studies the routing dynamics of malicious networks. We characterize the routing behavior of malicious networks on both short and long timescales. We find that malicious networks more consistently advertise prefixes with short durations and long inter-arrival times; over longer timescales, we find that malicious ASes connect with more upstream providers than legitimate ASes, and they also change upstream providers more frequently.
Wide-area routing dynamics of malicious networks
SIGCOMM '11: Proceedings of the ACM SIGCOMM 2011 conference