Skip to main content
SpringerLink
Log in

Metrics for Measuring ISP Badness: The Case of Spam

(Short Paper)

  • Conference paper
Financial Cryptography and Data Security (FC 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7397))

Included in the following conference series:

Abstract

We consider the problem of ISP targeting for spam prevention through disconnection. Any such endeavor has to rely on adequate metrics that consider both the badness of an ISP as well as the risk of collateral damage. We propose a set of metrics that combines the two. Specifically, the metrics compare each ISP’s “spamcount” with its “disconnectability”. We offer a concrete methodological approach to compute these metrics, and then illustrate themethodology using datasets involving spam statistics and autonomous system relationships. This analysis represents the first step in a broader program to assess the viability of economic countermeasures to spam and other types of malicious activity on the Internet.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Anderson, D., Fleizach, C., Savage, S., Voelker, G.: Spamscatter: Characterizing internet scam hosting infrastructure. In: Proceedings of 16th USENIX Security Symposium, Boston, MA, pp. 135–148 (August 2007)

    Google Scholar 

  2. Anderson, R.: Why information security is hard - an economic perspective. In: Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC 2001), New Orleans, LA (December 2001)

    Google Scholar 

  3. Asghari, H.: Botnet mitigation and the role of ISPs: A quantitative study into the role and incentives of internet service providers in combating botnet propagation and activity, Master Thesis, Delft University of Technology (January 2010)

    Google Scholar 

  4. Böhme, R., Holz, T.: The effect of stock spam on financial markets. In: Proceedings of the Fifth Annual Workshop on Economics and Information Security, WEIS 2006, Cambridge, UK (June 2006)

    Google Scholar 

  5. Clayton, R.: Using early results from the ‘spamHINTS’ project to estimate an ISP Abuse Team’s task. In: Proceedings of the Conference on E-Mail and Anti-Spam (CEAS), Mountain View, CA (July 2006)

    Google Scholar 

  6. Clayton, R.: How much did shutting down McColo help? In: Proceedings of the Conference on E-Mail and Anti-Spam (CEAS), Mountain View, CA (July 2009)

    Google Scholar 

  7. Clayton, R.: Might governments clean-up malware? In: Proceedings of the Ninth Annual Workshop on Economics and Information Security, WEIS 2010, Cambridge, MA (May 2010)

    Google Scholar 

  8. Danchev, D.: Bad, bad, cybercrime-friendly ISPs (March 4, 2009), http://blogs.zdnet.com/security/?p=2764

  9. DiBenedetto, S., Massey, D., Papadopoulos, C., Walsh, P.: Analyzing the aftermath of the McColo shutdown. In: Proceedings of the Ninth Annual International Symposium on Applications and the Internet (SAINT), Seattle, WA, pp. 157–160 (July 2009)

    Google Scholar 

  10. Dimitropoulos, X., Krioukov, D., Fomenkov, M., Huffaker, B., Hyun, Y., Claffy, K., Riley, G.: AS relationships: Inference and validation. ACM Computer Communication Review 37(1), 29–40 (2007)

    Article  Google Scholar 

  11. Ehrlich, W., Karasaridis, A., Liu, D., Hoeflin, D.: Detection of spam hosts and spam bots using network flow traffic modeling. In: Proceedings of the 3rd USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Jose, CA (April 2010)

    Google Scholar 

  12. Esquivel, H., Mori, T., Akella, A.: Router-level spam filtering using TCP fingerprints: Architecture and measurement-based evaluation. In: Proceedings of the Conference on E-Mail and Anti-Spam (CEAS), Mountain View, CA (July 2009)

    Google Scholar 

  13. Grossklags, J., Radosavac, S., Cárdenas, A.A., Chuang, J.: Nudge: Intermediaries’ Role in Interdependent Network Security. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 323–336. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  14. Hao, S., Syed, N.A., Feamster, N., Gray, A.G., Krasser, S.: Detecting spammers with SNARE: Spatio-temporal network-level automatic reputation engine. In: USENIX Security Symposium, pp. 101–118. USENIX Association (2009)

    Google Scholar 

  15. Kalafut, A., Shue, C., Gupta, M.: Malicious hubs: Detecting abnormally malicious autonomous systems. In: Proceedings of the 29th IEEE International Conference on Computer Communications (INFOCOM), San Diego, CA, pp. 326–330 (March 2010)

    Google Scholar 

  16. Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G., Paxson, V., Savage, S.: Spamalytics: An empirical analysis of spam marketing conversion. In: Proceedings of the Conference on Computer and Communications Security (CCS), Alexandria, VA, pp. 3–14 (October 2008)

    Google Scholar 

  17. Kirk, J.: ISPs report success in fighting malware-infected PCs (June 2009), http://www.pcworld.com/businesscenter/article/166444/isps_report_success_in_fighting_malwareinfected_pcs.html

  18. KnujOn. Registrar Report (February 2009), http://knujon.com/registrars/#feb09RegistrarReport

  19. Krebs, B.: Takedowns: The shuns and stuns that take the fight to the enemy. McAfee Security Journal 6, 5–8 (2010)

    Google Scholar 

  20. Levchenko, K., Chachra, N., Enright, B., Felegyhazi, M., Grier, C., Halvorson, T., Kanich, C., Kreibich, C., Liu, H., McCoy, D., Pitsillidis, A., Weaver, N., Paxson, V., Voelker, G.M., Savage, S.: Click Trajectories: End-to-End Analysis of the Spam Value Chain. In: Proceedings of 32nd Annual Symposium on Security and Privacy (May 2011)

    Google Scholar 

  21. Lichtman, D., Posner, E.: Holding Internet Service Providers accountable. Supreme Court Economic Review 14, 221–259 (2006)

    Google Scholar 

  22. Mills, E.: Comcast pop-ups alert customers to PC infections. CNet (October 2009), http://news.cnet.com/8301-27080_3-10370996-245.html

  23. Mori, T., Esquivel, H., Akella, A., Shimoda, A., Goto, S.: Understanding large-scale spamming botnets from internet edge sites. In: Proceedings of the Conference on E-Mail and Anti-Spam (CEAS), Redmond, WA (July 2010)

    Google Scholar 

  24. Ramachandran, A., Feamster, N.: Understanding the network-level behavior of spammers. In: Proceedings of the ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM 2006), Pisa, Italy, pp. 291–302 (September 2006)

    Google Scholar 

  25. Ramachandran, A., Feamster, N., Vempala, S.: Filtering spam with behavioral blacklisting. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, VA, pp. 342–351 (October 2007)

    Google Scholar 

  26. Rowe, B., Reeves, D., Gallaher, M.: The role of Internet Service Providers in cyber security (June 2009); Available from the Institute for Homeland Security Solutions

    Google Scholar 

  27. Shin, Y., Gupta, M., Myers, S.: The Nuts and Bolts of a Forum Spam Automator. In: Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET (March 2011)

    Google Scholar 

  28. Stone-Gross, B., Kruegel, C., Almeroth, K., Moser, A., Kirda, E.: FIRE: FInding Rogue nEtworks. In: Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), Honolulu, HI, pp. 231–240 (December 2009)

    Google Scholar 

  29. Takahashi, Y., Ishibashi, K.: Incentive Mechanism for Prompting ISPs to Implement Outbound Filtering of Unwanted Traffic. In: NetGCOOP 2011: International Conference on Network Games, Control and Optimization, Paris, France (October 2011)

    Google Scholar 

  30. Team Cymru Research NFP. IP to ASN mapping, http://www.team-cymru.org/Services/ip-to-asn.html

  31. The Cooperative Association for Internet Data Analysis. The CAIDA AS relationships dataset, http://www.caida.org/data/active/as-relationships/

  32. van Eeten, M., Bauer, J. M.: Economics of malware: Security decisions, incentives and externalities. STI Working Paper (May 2008)

    Google Scholar 

  33. Venkataraman, S., Sen, S., Spatscheck, O., Haffner, P., Song, D.: Exploiting network structure for proactive spam mitigation. In: Proceedings of 16th USENIX Security Symposium, pp.11:1–11:18. USENIX Association, Berkeley (2007)

    Google Scholar 

  34. Zhao, Y., Xie, Y., Yu, F., Ke, Q., Yu, Y., Chen, Y., Gillum, E.: BotGraph: Large scale spamming botnet detection. In: Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA, pp. 321–334 (April 2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Mathematics, University of California, Berkeley, USA

    Benjamin Johnson

  2. School of Information, University of California, Berkeley, USA

    John Chuang

  3. College of Information Sciences and Technology, The Pennsylvania State University, USA

    Jens Grossklags

Authors
  1. Benjamin Johnson
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. John Chuang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jens Grossklags
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nicolas Christin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Columbia University, 1214 Amsterdam Avenue, 10027-7003, New York, NY, USA

    Angelos D. Keromytis

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Johnson, B., Chuang, J., Grossklags, J., Christin, N. (2012). Metrics for Measuring ISP Badness: The Case of Spam. In: Keromytis, A.D. (eds) Financial Cryptography and Data Security. FC 2012. Lecture Notes in Computer Science, vol 7397. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32946-3_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-32946-3_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32945-6

  • Online ISBN: 978-3-642-32946-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation