'Bad neighbourhoods' on the internet are a real nuisance

Mar 08, 2013

Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the internet addresses that send spam. That is just one of the striking results of an extensive study by the University of Twente's Centre for Telematics and Information Technology (CTIT). This study focused on "Bad Neighbourhoods" on the internet (which sometimes correspond to certain geographical areas) that are the source of a great deal of spam, phishing or other undesirable activity. In his thesis, Giovane Moura describes this situation in detail.

Just like in the real world, the internet also has "bad neighbourhoods" whose streets are not safe and where are higher than in other districts. Research into these "Bad Neighbourhoods on the Internet" can lead to better security solutions. To this end, Moura has carried out the first systematic investigation of malicious hosts, by monitoring and analysing network data. His main conclusion is that is indeed concentrated in limited zones: areas in which the IP addresses show strong similarities, per ISP, or even per country. For instance, this PhD researcher found that 62% of the addresses at one ISP were related to spam. This knowledge can be used to link to specific ISPs.

Geographically determined

It is also interesting to note that different types of activities are associated with different parts of the world. For instance, spam comes mainly from southern Asian countries, while phishing occurs primarily in the United States and other developed countries. The reason for the latter is that these countries are home to most data centres and cloud computing providers. It is also important to distinguish between individual IP addresses that launch one-off attacks and a whole Bad Neighbourhood that almost always launches repeated attacks. This information, too, is very useful in terms of establishing a security strategy. The history of a Bad Neighbourhood, as identified by this PhD researcher, can be of value here.

Giovane César Moreira Moura (from Goiânia, Brazil) carried out his PhD research in the Design and Analysis of Communication Systems department, which is part of the University of Twente's Centre for Telematics and Information Technology (CTIT). His thesis supervisor was Prof. Boudewijn Haverkort and his assistant thesis supervisor was Dr Aiko Pras.
