ASwatch: An AS Reputation System to Expose Bulletproof Hosting ASes

dc.contributor.author Konte, Maria
dc.contributor.corporatename Georgia Institute of Technology. Institute for Information Security & Privacy en_US
dc.contributor.corporatename Georgia Institute of Technology. School of Computer Science en_US
dc.date.accessioned 2016-12-12T19:44:07Z
dc.date.available 2016-12-12T19:44:07Z
dc.date.issued 2016-11-18
dc.description Presented on November 18, 2016 at 12:00 p.m. in the Klaus Advanced Computing Building, Room 1116W. en_US
dc.description Maria Konte is a research scientist at the School of Computer Science at Georgia Tech, and is affiliated with the Institute for Information Security & Privacy. Her research is on network security with a focus on network monitoring and routing security. en_US
dc.description Runtime: 47:08 minutes en_US
dc.description.abstract Bulletproof hosting Autonomous Systems (ASes)—malicious ASes fully dedicated to supporting cybercrime—provide freedom and resources for a cyber-criminal to operate. Their services include hosting a wide range of illegal content, botnet C&C servers, and other malicious resources. Thousands of new ASes are registered every year, many of which are often used exclusively to facilitate cybercrime. A natural approach to squelching bulletproof hosting ASes is to develop a reputation system that can identify them for takedown by law enforcement and as input to other attack detection systems (e.g., spam filters, botnet detection systems). Unfortunately, current AS reputation systems rely primarily on data-plane monitoring of malicious activity from IP addresses (and thus can only detect malicious ASes after attacks are underway), and are not able to distinguish between malicious and legitimate but abused ASes. As a complement to these systems, in this paper, we explore a fundamentally different approach to establishing AS reputation. We present ASwatch, a system that identifies malicious ASes using exclusively the control-plane (i.e., routing) behavior of ASes. ASwatch’s design is based on the intuition that, in an attempt to evade possible detection and remediation efforts, malicious ASes exhibit “agile” control plane behavior (e.g., short-lived routes, aggressive re-wiring). We evaluate our system on known malicious ASes; our results show that ASwatch detects up to 93% of malicious ASes with a 5% false positive rate, which is reasonable to effectively complement existing defense systems. en_US
dc.format.extent 47:08 minutes
dc.identifier.uri http://hdl.handle.net/1853/56086
dc.language.iso en_US en_US
dc.publisher Georgia Institute of Technology en_US
dc.relation.ispartofseries Cybersecurity Lecture Series
dc.subject BGP en_US
dc.subject Control plane behavior en_US
dc.subject Network monitoring en_US
dc.subject Network reputation en_US
dc.subject Network security en_US
dc.subject Routing en_US
dc.title ASwatch: An AS Reputation System to Expose Bulletproof Hosting ASes en_US
dc.type Moving Image
dc.type.genre Lecture
dspace.entity.type Publication
local.contributor.corporatename School of Cybersecurity and Privacy
local.contributor.corporatename College of Computing
local.relation.ispartofseries Institute for Information Security & Privacy Cybersecurity Lecture Series
relation.isOrgUnitOfPublication f6d1765b-8d68-42f4-97a7-fe5e2e2aefdf
relation.isOrgUnitOfPublication c8892b3c-8db6-4b7b-a33a-1b67f7db2021
relation.isSeriesOfPublication 2b4a3c7a-f972-4a82-aeaa-818747ae18a7
Original bundle
378.39 MB
MP4 Video file
962 B
Hypertext Markup Language
License bundle
3.13 KB
Item-specific license agreed upon to submission