ASMATRA: Ranking ASs providing transit service to malware hosters

The Internet has grown into an enormous network offering a variety of services, which are spread over a multitude of domains. BGP routing and Autonomous Systems (ASs) are the key components for maintaining high connectivity in the Internet. Unfortunately, Internet Service Providers (ISPs) operating ASs host not only normal users and content, but also malicious content used by attackers for spreading malware, hosting phishing websites or performing any kind of fraudulent activity. Practical analysis shows that such malware-providing ASs avoid being de-peered by hiding behind other ASs, which do not host the malware themselves but simply provide transit service for it. This paper presents a new method for detecting ASs that provide transit service for malware hosters without being malicious themselves. The problem is formally defined, and the metrics are derived, using the AS graph. The PageRank algorithm is applied to improve the scalability and the completeness of the approach. The method is assessed on real and publicly available datasets, showing promising results.
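The abstract does not give the paper's formal metrics, so the following is an added illustration and not the authors' code: a personalized PageRank over a small constructed AS graph, seeded at known malware-hosting ASs and normalized against a uniform baseline. The edge direction (customer to upstream), the seeding, the "lift" normalization and all AS numbers (documentation range) are assumptions of this sketch.

```python
# Constructed AS graph: each AS maps to the upstream ASs it buys transit from.
# AS numbers are from the documentation range (RFC 5398), not real networks.
UPSTREAMS = {
    64500: [64510], 64501: [64510],   # known malware hosters, single-homed
    64502: [64510, 64511],            # known malware hoster, multihomed
    64503: [64511], 64504: [64511],   # benign stub ASs
    64510: [64509],                   # transit AS in front of the hosters
    64511: [64509],                   # ordinary transit AS
    64509: [],                        # top-level provider, no upstream
}
MALWARE_HOSTERS = {64500, 64501, 64502}

def pagerank(upstreams, seeds, damping=0.85, iters=200):
    """Personalized PageRank: the walk restarts only at `seeds`."""
    restart = {n: (1.0 / len(seeds) if n in seeds else 0.0) for n in upstreams}
    score = dict(restart)
    for _ in range(iters):
        # Mass sitting on ASs without upstreams is sent back to the seeds.
        dangling = sum(score[n] for n, ups in upstreams.items() if not ups)
        nxt = {n: (1 - damping + damping * dangling) * restart[n] for n in upstreams}
        for n, ups in upstreams.items():
            for u in ups:
                nxt[u] += damping * score[n] / len(ups)
        score = nxt
    return score

def rank_transit(upstreams, hosters):
    """Rank non-hoster ASs by malware-seeded score relative to a uniform baseline."""
    biased = pagerank(upstreams, hosters)
    baseline = pagerank(upstreams, set(upstreams))
    lift = {n: biased[n] / baseline[n] for n in upstreams if n not in hosters}
    return sorted(lift.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for asn, lift in rank_transit(UPSTREAMS, MALWARE_HOSTERS):
        print(f"AS{asn}: {lift:.3f}")
```

Dividing by the baseline keeps the shared top-level provider, which carries everyone's routes, from outranking the transit AS whose customer cone is mostly malware hosters.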
