Speaker: | Giovane C.M. Moura |
Date: | 7 March 2014 |
Time: | 15:00 |
Room: | ZI 2126 |
Title: Towards ISP-normalized botnet infection metrics
Abstract:
Various blacklists, websites, and studies have ranked Internet Service Providers (ISPs) botnet-related performance by either counting the total number of unique IP addresses or attacks observed over a monitoring period.
However, it is a known fact that IP addresses do not account for the actual number of infected hosts or subscribers in the network of ISPs, due to DHCP lease policies. As a consequence, ISPs having dissimilar DHCP renewing policies may have very dissimilar number of infected subscribers. In this presentation, we will cover the first steps towards normalizing bot count across various ISPs.