ASMATRA: Rankin g ASs Providing Transit Service to Malware Hosters

Autor:	Wagner, Cynthia, François, Jérôme, State, Radu, Dulaunoy, Alexandre, Engel, Thomas, Massen, Gilles
Přispěvatelé:	François, Jérôme, Universal Integration of the Internet of Things through an IPv6-based Service Oriented Architecture enabling heterogeneous components interoperability - IOT6 - - EC:FP7:ICT2011-10-01 - 2014-09-30 - 288445 - VALID, RESTENA Foundation, RESTENA, Interdisciplinary Centre for Security, Reliability and Trust [Luxembourg] (SnT), Université du Luxembourg (Uni.lu), Computer Incident Response Center Luxembourg (CIRCL), SMILE, European Project: 288445,EC:FP7:ICT,FP7-ICT-2011-7,IOT6(2011)
Jazyk:	angličtina
Rok vydání:	2013
Předmět:	[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI] [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI] BGP malware transit graph
Zdroj:	International Symposium on Integrated Network Management International Symposium on Integrated Network Management, May 2013, Ghent, Belgium
Popis:	International audience; The Internet has grown into an enormous network offering a variety of services, which are spread over a multitude of domains. BGP-routing and Autonomous Systems (AS) are the key components for maintaining high connectivity in the Internet. Unfortunately, Internet Service Providers (ISPs) operating ASs do not only host normal users and content, but also malicious content used by attackers for spreading malware, hosting phishing web-sites or performing any kind of fraudulent activity. Practical analysis shows that such malware-providing ASs prevent themselves from being de-peered by hiding behind other ASs, which do not host the malware themselves but simply provide transit service for malware. This paper presents a new method for detecting ASs that provide transit service for malware hosters, without being malicious themselves. A formal definition of the problem and the metrics are determined by using the AS graph. The PageRank algorithm is applied to improve the scalability and the completeness of the approach. The method is assessed on real and publicly available datasets, showing promising results.
Databáze:	OpenAIRE
Externí odkaz:	https://explore.openaire.eu/search/publication?articleId=dedup_wf_001::e301d3b559a7aa6cc4ec802c401a9f6b https://inria.hal.science/hal-00846082 Zobrazit plný text záznamu