University of Twente Student Theses
Effective granularity in Internet badhood detection: Detection rate, Precision and Implementation performance
Davanian, Ali (2017) Effective granularity in Internet badhood detection: Detection rate, Precision and Implementation performance.
Abstract: | New malicious nodes appear every day on the Internet. Previous studies have shown that these nodes are not randomly distributed on the Internet; similar to the high density of criminal activities in real-world bad neighborhoods, there exist Internet bad neighborhoods. Two common features used to draw the local network boundaries within the Internet, and hence to identify the bad neighborhoods, are the fixed /24 IP prefix and the dynamic Border Gateway Protocol (BGP) IP prefix. The main difference between these two features is the size of the underlying neighborhood and hence the granularity in the measurement of malicious activity. In this study, by analyzing a dataset of Command and Control servers and botnets, we show that the BGP prefix is preferred in identifying bad neighborhoods because it offers an 8% better detection rate in identifying new malicious nodes. |
Item Type: | Essay (Master) |
Clients: | Redsocks Security, The Hague, The Netherlands |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/73199 |