Characterization of Blacklists and Tainted Network Traffic

Zhang, Jing; Chivukula, Ari; Bailey, Michael; Karir, Manish; Liu, Mingyan

doi:10.1007/978-3-642-36516-4_22

Jing Zhang¹⁸,
Ari Chivukula¹⁸,
Michael Bailey¹⁸,
Manish Karir¹⁹ &
…
Mingyan Liu¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 7799))

Included in the following conference series:

International Conference on Passive and Active Network Measurement

2433 Accesses
5 Citations

Abstract

Threats to the security and availability of the network have contributed to the use of Real-time Blackhole Lists (RBLs) as an attractive method for implementing dynamic filtering and blocking. While RBLs have received considerable study, little is known about the impact of these lists in practice. In this paper, we use nine different RBLs from three different categories to perform the evaluation of RBL tainted traffic at a large regional Internet Service Provider.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 54.99; Price excludes VAT (USA)

Softcover Book: USD 72.00; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Akamai, http://www.akamai.com/
Barracuda reputation blocklist, http://www.barracudacentral.org/
Cbl: Composite blocking list, http://cbl.abuseat.org/
Dshield, http://www.dshield.org/
HpHosts for your pretection, http://hosts-file.net/
Internet has a garbage problem, researcher says, http://www.pcworld.com/article/144006/article.html
Introduction to Cisco IOS NetFlow, http://www.cisco.com/en/US/products/ps6601/prod_white_papers_list.html
Merit Network INC, http://www.merit.edu/
Phishtank, http://www.phishtank.com/
PREDICT: Protected Repository for the Defense of Infrastructure Against Cyber Threats, https://www.predict.org/
SURBL: URL Reputation Data, http://www.surbl.org/
Uceprotector network, http://www.uceprotect.net/
Wpbl: Weighted private block list, http://www.wpbl.info/
Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a Dynamic Reputation System for DNS. In: USENIX Security Symposium, pp. 273–290 (2010)
Google Scholar
Esquivel, H., Akella, A., Mori, T.: On the effectiveness of IP reputation for spam filtering. In: Proceedings of COMSNETS 2010, pp. 1–10 (2010)
Google Scholar
Cisco Systems Inc. SpamCop Blocking List (SCBL), http://www.spamcop.net/
Jung, J., Sit, E.: An empirical study of spam traffic and the use of DNS black lists. In: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, pp. 370–375. ACM, New York (2004)
Chapter Google Scholar
Creyts, K., Karir, M., Mentley, N.: Towards network reputation - analyzing the makeup of rbls (June 2011)
Google Scholar
Ramachandran, A., Feamster, N.: Understanding the network-level behavior of spammers. In: Proceedings of SIGCOMM 2006, pp. 291–302 (2006)
Google Scholar
Ramachandran, A., Feamster, N., Vempala, S.: Filtering spam with behavioral blacklisting. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (2007)
Google Scholar
Team Cymru Community Services. IP to ASN Mapping, http://www.team-cymru.org/Services/ip-to-asn.html
Shue, C.A., Kalafut, A.J., Gupta, M.: Abnormally malicious autonomous systems and their internet connectivity. IEEE/ACM Trans. Netw. 20(1), 220–230 (2012)
Article Google Scholar
Sinha, S., Bailey, M., Jahanian, F.: Shades of Grey: On the Effectiveness of Reputation-based ”blacklists”. In: Proceedings of MALWARE 2008, pp. 57–64 (October 2008)
Google Scholar
Venkataraman, S., Sen, S., Spatscheck, O., Haffner, P., Song, D.: Exploiting network structure for proactive spam mitigation. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium. USENIX Association (2007)
Google Scholar
Xie, Y., Yu, F., Achan, K., Gillum, E., Goldszmidt, M., Wobber, T.: How dynamic are ip addresses? In: Proceedings of SIGCOMM 2007, pp. 301–312 (2007)
Google Scholar
Zhang, J., Porras, P., Ullrich, J.: Highly Predictive Blacklisting. In: Usenix Security (August 2008)
Google Scholar

Download references

Author information

Authors and Affiliations

University of Michigan, Ann Arbor, Michigan, USA
Jing Zhang, Ari Chivukula, Michael Bailey & Mingyan Liu
Department of Homeland Security, Cyber Security Division, Washington DC, USA
Manish Karir

Authors

Jing Zhang
View author publications
You can also search for this author in PubMed Google Scholar
Ari Chivukula
View author publications
You can also search for this author in PubMed Google Scholar
Michael Bailey
View author publications
You can also search for this author in PubMed Google Scholar
Manish Karir
View author publications
You can also search for this author in PubMed Google Scholar
Mingyan Liu
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

School of Mathematical Sciences, University of Adelaide, Innova21 Building, 5005, Adelaide, SA, Australia
Matthew Roughan
Department of Computing, The Hong Kong Polytechnic University, Hunghom, Kowloon, Hong Kong SAR, China
Rocky Chang

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Zhang, J., Chivukula, A., Bailey, M., Karir, M., Liu, M. (2013). Characterization of Blacklists and Tainted Network Traffic. In: Roughan, M., Chang, R. (eds) Passive and Active Measurement. PAM 2013. Lecture Notes in Computer Science, vol 7799. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36516-4_22

Download citation

DOI: https://doi.org/10.1007/978-3-642-36516-4_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36515-7
Online ISBN: 978-3-642-36516-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics