Saeed Abu-Nimeh Websense Security Labs
Dan Hubbard Websense Security Labs
Recent research has utilized Autonomous System Numbers (ASN) to block spam and malware. However, due to the lack of web content classification, no studies have explored the idea of categorizing the content of the web using ASN intelligence. Additionally, attackers are utilizing good locations to spread their malicious code. Leveraging our real-time content classifiers we demonstrate a multi-dimensional ASN reputation architecture to categorize the content of the web and block malicious content as well. Each ASN is categorized into high level categories of content and risk profile.
We analyse the top one million domains in traffic provided by Alexa. Our experiments show that these one million domains resolve to almost 11,000 unique ASNs. 79% of these ASNs host business and information technology content, 16% host objectionable content, 63% host productivity, bandwidth, and mixed content, and 11% host malicious content.