Categorizing the entire web with autonomous system numbers presented at Virus Bulletin 2010

by Saeed Abu-nimeh (Websense security labs),


Summary : Recent research has utilized Autonomous System Numbers (ASN) to block spam and malware. However, due to the lack of web
content classification, no studies have explored the idea of categorizing the content of the web using ASN intelligence.
Additionally, attackers are utilizing good locations to spread their malicious code. Leveraging our real-time content
classifiers we demonstrate a multi-dimensional ASN reputation architecture to categorize the content of the web and block
malicious content as well. Each ASN is categorized into high level categories of content and risk profile. We analyse the top one million domains in traffic provided by Alexa. Our experiments show that these one million domains
resolve to almost 11,000 unique ASNs. 79% of these ASNs host business and information technology content, 16% host
objectionable content, 63% host productivity, bandwidth, and mixed content, and 11% host malicious content.