Title :
Evaluating third-party Bad Neighborhood blacklists for Spam detection
Author :
Moura, Giovane C. M. ; Sperotto, Anna ; Sadre, Ramin ; Pras, Aiko
Author_Institution :
Centre for Telematics & Inf. Technol. (CTIT), Design & Anal. of Commun. Syst. (DACS), Enschede, Netherlands
Abstract :
The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrated in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam. One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.
Keywords :
IP networks; computer network security; information filtering; unsolicited e-mail; IP address space; bad neighborhood-based spam filtering; malicious hosts distribution; network administrator; real-world measurements; spam detection; third-party bad neighborhood blacklists; Computer aided instruction; IP networks; Internet; Postal services; Servers; Unsolicited electronic mail;
Conference_Titel :
Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on
Conference_Location :
Ghent
Print_ISBN :
978-1-4673-5229-1
