'Bad neighbourhoods' on the internet are a real nuisance

Mar 08, 2013

Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the internet addresses that send spam. That is just one of the striking results of an extensive study by the University of Twente's Centre for Telematics and Information Technology (CTIT). This study focused on "Bad Neighbourhoods" on the internet (which sometimes correspond to certain geographical areas) that are the source of a great deal of spam, phishing or other undesirable activity. In his thesis, Giovane Moura describes this situation in detail.

Just like the real world, the internet also has "bad neighbourhoods" whose streets are not safe and where are higher than in other districts. Research into these "Bad Neighbourhoods on the Internet" can lead to better security solutions. To this end, Moura has carried out the first systematic investigation of malicious hosts, by monitoring and analysing network data. His main conclusion is that is indeed concentrated in limited zones: areas in which the IP addresses show strong similarities, per ISP, or even per country. For instance, this PhD researcher found that 62% of the addresses at one ISP were related to spam. This knowledge can be used to link to specific ISPs.

Geographically determined

It is also interesting to note that different types of activities are associated with different parts of the world. For instance, spam comes mainly from southern Asian countries, while phishing occurs primarily in the United States and other developed countries. The reason for the latter is that these countries are home to most data centres and cloud computing providers. It is also important to distinguish between individual IP addresses that launch one-off attacks and a whole Bad Neighbourhood that almost always launches repeated attacks. This information, too, is very useful in terms of establishing a security strategy. The history of a Bad Neighbourhood, as identified by this PhD researcher, can be of value here.
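The distinction between a lone offending address and a whole neighbourhood with a history can be sketched in code. This is an added example, not code from the thesis or the article: it groups blocklist sightings by enclosing network and reports how concentrated the bad hosts are. The /24 grouping, the thresholds and the sample sightings are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (day, source IP) pairs as a spam blocklist feed might report.
# Addresses come from the RFC 5737 documentation ranges.
SIGHTINGS = [
    ("2013-03-01", "192.0.2.10"), ("2013-03-01", "192.0.2.11"),
    ("2013-03-02", "192.0.2.10"), ("2013-03-02", "192.0.2.57"),
    ("2013-03-03", "192.0.2.200"), ("2013-03-03", "192.0.2.11"),
    ("2013-03-01", "198.51.100.7"),                               # one-off address
    ("2013-03-02", "203.0.113.5"), ("2013-03-03", "203.0.113.5"),  # lone repeat host
]
PREFIX_LEN = 24  # assumption: the page does not say how a neighbourhood is delimited

def neighbourhood(ip, prefix_len=PREFIX_LEN):
    """Return the network that encloses `ip` at the given prefix length."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)

def summarise(sightings, prefix_len=PREFIX_LEN):
    """Per neighbourhood: distinct bad hosts, share of the block, active days."""
    hosts, days = defaultdict(set), defaultdict(set)
    for day, ip in sightings:
        net = neighbourhood(ip, prefix_len)
        hosts[net].add(ipaddress.ip_address(ip))
        days[net].add(day)
    return {
        str(net): {
            "bad_hosts": len(hosts[net]),
            "bad_share": len(hosts[net]) / net.num_addresses,
            "active_days": len(days[net]),
        }
        for net in hosts
    }

def recurring(summary, min_hosts=2, min_days=2):
    """Neighbourhoods with several bad hosts seen on several days (illustrative thresholds)."""
    return sorted(n for n, s in summary.items()
                  if s["bad_hosts"] >= min_hosts and s["active_days"] >= min_days)

def top_share(summary, k=1):
    """Fraction of all distinct bad hosts that sit in the k worst neighbourhoods."""
    counts = sorted((s["bad_hosts"] for s in summary.values()), reverse=True)
    return sum(counts[:k]) / sum(counts)

if __name__ == "__main__":
    report = summarise(SIGHTINGS)
    print(report, recurring(report), top_share(report))
```

On the sample data only 192.0.2.0/24 qualifies as a recurring neighbourhood; the single host in 203.0.113.0/24 repeats but stays an individual offender.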

Giovane César Moreira Moura (from Goiânia, Brazil) carried out his PhD research in the Design and Analysis of Communication Systems department, which is part of the University of Twente's Centre for Telematics and Information Technology (CTIT). His thesis supervisor was Prof. Boudewijn Haverkort and his assistant thesis supervisor was Dr Aiko Pras.
