
Abstract

Wednesday 24 September 16:00 - 16:30, Red room.

Dhia Mahjoub, OpenDNS

This paper is available online (HTML, PDF). Download slides (PDF).

The IP space has 4 billion addresses, the AS space 46,000+ AS numbers, and the BGP prefix space 520,000+ prefixes. Together, they form the foundation of addressing, routing and hosting on the Internet. Most current reputation systems used for network-level threat detection derive scores for IPs, BGP prefixes or ASNs based on hosted content.

In this talk, we take a novel approach by exploring the AS graph, which models the interconnections between ASNs. We uncover hotspots of maliciousness by analysing AS graph topology, hosted content and IP space reservation, and shed some light on suspicious relationships between ASNs and abusive IP sub-allocations.

This exploration methodology enriches classical scoring mechanisms that are based on the counting of malicious domains/IPs hosted on ASNs. This method also provides actionable intelligence and can be used to pre-emptively detect and block malicious IP infrastructures before or immediately after they are set up for waging malware campaigns.
