Print Email Facebook Twitter Internet Bad Neighborhoods Temporal Behavior Title Internet Bad Neighborhoods Temporal Behavior Author Moreira Moura, G.C. Sadre, R. Pras, A. Faculty Technology, Policy and Management Department POLG Date 2014-05-05 Abstract Malicious hosts tend to be concentrated in certain areas of the IP addressing space, forming the so-called Bad Neighborhoods. Knowledge about this concentration is valuable in predicting attacks from unseen IP addresses. This observation has been employed in previous works to filter out spam. In this paper, we focus on the temporal behavior of bad neighborhoods. The goal is to determine if bad neighborhoods strike multiple times over a certain period of time, and if so, when do the attacks occur. Among other findings, we show that even though bad neighborhoods do not exhibit a favorite combination of days to carry out attacks, 85% of the recurrent bad neighborhoods do carry out a second attack within the first 5 days from the first attack. These and the other findings here presented lead to several considerations on how attack prediction models can be more effective i.e., generating both predictive and short neighborhood blacklists. To reference this document use: http://resolver.tudelft.nl/uuid:c00b5dad-27a2-463a-972b-8f2fe433a847 Publisher IEEE Source IEEE/IFIP NOMS 2014: Network Operations and Management Symposium "Management in a Software Defined World", Krakow, Poland, 5-9 May 2014; preprint Part of collection Institutional Repository Document type conference paper Rights (c) 2014 Moreira Moura, G.C.Sadre, R.Pras, A. Files PDF noms2014.pdf 339.52 KB Close viewer /islandora/object/uuid:c00b5dad-27a2-463a-972b-8f2fe433a847/datastream/OBJ/view