Description: This talk by Dhia Mahjoub (OpenDNS) was presented at VB2014 in Seattle, WA, USA.
The IP space has 4 billion addresses, the AS space 46,000+ AS numbers, and the BGP prefix space 520,000+ prefixes. Together, they form the foundation of addressing, routing and hosting on the Internet.
Most current reputation systems used for network-level threat detection derive scores for IPs, BGP prefixes or ASNs based on hosted content.
In this talk, we take a novel approach by exploring the AS graph, which models the interconnections between ASNs. We uncover hotspots of maliciousness by analysing AS graph topology, hosted content and IP space reservation, and shed some light on suspicious relationships between ASNs and abusive IP sub-allocations.
This exploration methodology enriches classical scoring mechanisms that are based on the counting of malicious domains/IPs hosted on ASNs.
This method also provides actionable intelligence and can be used to pre-emptively detect and block malicious IP infrastructures before or immediately after they are set up for waging malware campaigns.
We will go over multiple relevant use cases of attack domains detected by this system, such as trojan C&Cs, exploit kit domains, malware domains, etc.
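As an added illustration (not code from the talk or from OpenDNS), the sketch below shows one way AS graph topology can enrich a count-based score: it builds the graph from AS paths and flags a stub ASN with no malicious hits of its own when most other stubs behind the same upstream already host malicious IPs. The AS paths, hit counts and private-use ASNs are constructed, and the sibling-stub heuristic with its `min_ratio` and `min_siblings` thresholds is an assumption, not the speaker's algorithm.

```python
from collections import defaultdict

# Constructed AS paths as seen in a BGP table dump (private-use ASNs only).
AS_PATHS = [
    [64512, 64520, 64601],
    [64512, 64520, 64602],
    [64512, 64520, 64603],
    [64513, 64520, 64604],
    [64513, 64530, 64701],
    [64512, 64530, 64702],
]
# Constructed count of known-malicious IPs hosted per ASN (the classical input).
BAD_IPS = {64601: 14, 64602: 9, 64603: 22, 64701: 1}

def build_graph(paths):
    """Undirected AS graph: one edge per adjacent ASN pair in each path."""
    graph = defaultdict(set)
    for path in paths:
        for a, b in zip(path, path[1:]):
            if a != b:                      # ignore AS-path prepending
                graph[a].add(b)
                graph[b].add(a)
    return graph

def leaf_clusters(graph):
    """Group stub ASNs (exactly one neighbour) by their single upstream."""
    clusters = defaultdict(set)
    for asn, peers in graph.items():
        if len(peers) == 1:
            clusters[next(iter(peers))].add(asn)
    return clusters

def enriched_scores(graph, bad_ips, min_ratio=0.5, min_siblings=2):
    """Return {stub_asn: (own_count, sibling_ratio, flagged)}.
    sibling_ratio is the share of other stubs behind the same upstream that
    host malicious IPs; both thresholds are assumed values."""
    out = {}
    for upstream, leaves in leaf_clusters(graph).items():
        for asn in leaves:
            siblings = leaves - {asn}
            bad = sum(1 for s in siblings if bad_ips.get(s, 0) > 0)
            ratio = bad / len(siblings) if len(siblings) >= min_siblings else 0.0
            own = bad_ips.get(asn, 0)
            out[asn] = (own, ratio, own > 0 or ratio >= min_ratio)
    return out

if __name__ == "__main__":
    for asn, row in sorted(enriched_scores(build_graph(AS_PATHS), BAD_IPS).items()):
        print(asn, row)
```

Here the stub 64604 hosts nothing known-bad, so pure counting scores it zero, yet it is flagged because all three of its sibling stubs are already abusive; 64702 is not flagged because a single sibling is too little evidence.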
For more information, please visit: https://www.virusbtn.com/index