Towards ISP-normalized botnet infection metrics

Speaker:

Giovane C.M. Moura

Date:

7 March 2014

Time:

15:00

Room:

ZI 2126

Title: Towards ISP-normalized botnet infection metrics

Abstract:

Various blacklists, websites, and studies have ranked Internet Service Providers (ISPs) botnet-related performance by either counting the total number of unique IP addresses or attacks observed over a monitoring period.

However, it is a known fact that IP addresses do not account for the actual number of infected hosts or subscribers in the network of ISPs, due to DHCP lease policies. As a consequence, ISPs having dissimilar DHCP renewing policies may have very dissimilar number of infected subscribers. In this presentation, we will cover the first steps towards normalizing bot count across various ISPs.