How dynamic are IP addresses?

Xie, Yinglian; Yu, Fang; Achan, Kannan; Gillum, Eliot; Goldszmidt, Moisés; Wobber, Ted

doi:10.1145/1282380.1282415

Cited by 106 publications

(45 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We received monthly alignments of our IP data with the entries of their database, and matched them via maximum time difference of plus/minus one hour, which is a reasonable estimate of the time a dynamic IP remains the same on average, see Fig. 7(b) in [26] 17 . On average only about 5% of our IPs could be assigned to an entry and thus spambot type from Marshall with these restrictions, yielding about 2 000 packets which were highly likely to have been sent by a known spambot.…”

Section: Analysis Of Single Packets: Identifying Spambot Typementioning

confidence: 99%

“…While dynalist was explicitly a list of dynamic IP addresses, the PBL also includes non-MTA IPs and may thus be considered slightly tainted. However, a better resource for known dynamic IPs was not available (note that [26] used the same resource). We thus obtained 8359 dynamic IPs with existing rDNS entry and 10387 static IPs with existing rDNS entry.…”

Section: Static Vs Dynamic Ip Addressesmentioning

confidence: 99%

“…There are types of dynamic IP addresses which change less often than once an hour -according to [26] another 3% of IPs might be of this type. We could thus at least double the amount of usable IPs for medium-to long-term tracking at the cost of a more complex model which tries to predict the approximate length of dynamic IP turnover, and do a more complex analysis with a mix of dynamic IPs with different turnover distributions.…”

Section: Open Issuesmentioning

confidence: 99%

See 2 more Smart Citations

On the detection and identification of botnets

Seewald¹,

Gansterer²

2010

Computers & Security

View full text Add to dashboard Cite

We develop and discuss automated and self-adaptive systems for detecting and classifying botnets based on machine learning techniques and integration of human expertise. The proposed concept is purely passive and is based on analyzing information collected at three levels: (i) the payload of single packets received, (ii) observed access patterns to the darknet at the level of network traffic, and (iii) observed contents of TCP/IP traffic at the protocol level.We illustrate experiments based on real-life data collected with a darknet set up for this purpose to show the potential of the proposed concept for (i) and (ii). In (iii) we use a small spamtrap as darknets cannot capture TCP/IP traffic data, so this experiment is not a purely passive approach, but traffic moving through a network could be analyzed in a similar way to obtain a purely passive system for this step as well.

show abstract

Section: Analysis Of Single Packets: Identifying Spambot Typementioning

confidence: 99%

Section: Static Vs Dynamic Ip Addressesmentioning

confidence: 99%

Section: Open Issuesmentioning

confidence: 99%

See 1 more Smart Citation

On the detection and identification of botnets

Seewald¹,

Gansterer²

2010

Computers & Security

View full text Add to dashboard Cite

show abstract

“…While a number of groups have maintained manual lists of dynamicallyassigned addresses, Xie et al have inferred this information for accesses to e-mail provider logs [74]. Trestian et al developed a classification method for addresses based on their presence on the web, as shown through the Google search engine [70].…”

Section: Understanding Network Topologymentioning

confidence: 99%

Uses and Challenges for Network Datasets

Heidemann

Papdopoulos²

2009

2009 Cybersecurity Applications &Amp; Technology Conference for Homeland Security

View full text Add to dashboard Cite

Network datasets are necessary for many types of network research. While there has been significant discussion about specific datasets, there has been less about the overall state of network data collection. The goal of this paper is to explore the research questions facing the Internet today, the datasets needed to answer those questions, and the challenges to using those datasets. We suggest several practices that have proven important in use of current data sets, and open challenges to improve use of network data.

show abstract

“…This method has already been adopted by previous works[9],[10],[11].978-1-4244-5638-3/10/$26.00 ©2010 IEEE This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE Globecom 2010 proceedings.…”

mentioning

confidence: 99%

Characterizing the Scam Hosting Infrastructure

Huang

Valler

Faloutsos

2010

2010 IEEE Global Telecommunications Conference GLOBECOM 2010

View full text Add to dashboard Cite

Industry has responded to the ever-growing presence of spam by attacking the spam distribution infrastructure, essentially trying to prevent spam email from ever landing in the inbox of end-users. Recently, industry and academia have begun investigating the web hosting infrastructure of spam campaigns, attacking spammers where it hurts most, in their pocketbooks. Spammers have responded by introducing cooperative intermediaries that redirect traffic, effectively decoupling the spamadvertised URL from the final destination website.In this study, we analyze not only the URLs in spam messages, but the less-studied redirection infrastructure that takes the user to a target website or other malicious host. Our initial results show that among all the hosts that can be reached directly from URLs embedded in email bodies, 64.87% are cooperative redirection hosts. However, these redirection hosts are only used to protect a small portion (11.33%) of final destination websites.Additionally, we find that around 70% of embedded URLs resolve to two ranges of IP space (61.0.0.0/8 and 124.0.0.0/8). By further analyzing the relationship between the final destinations and redirection hosts, we find that 74.19% of the final destination hosts are located in the same AS with their redirection hosts.

show abstract

How dynamic are IP addresses?

Cited by 106 publications

References 9 publications

On the detection and identification of botnets

On the detection and identification of botnets

Uses and Challenges for Network Datasets

Characterizing the Scam Hosting Infrastructure

Contact Info

Product

Resources

About