[Infowarrior] - Predictive Blacklisting

Richard Forno rforno at infowarrior.org
Tue Aug 18 22:49:41 UTC 2009


Predictive Blacklisting as an Implicit Recommendation System
Authors: Fabio Soldo, Anh Le, Athina Markopoulou
(Submitted on 14 Aug 2009)

http://arxiv.org/abs/0908.2007

Abstract: A widely used defense practice against malicious traffic on  
the Internet is through blacklists: lists of prolific attack sources  
are compiled and shared. The goal of blacklists is to predict and  
block future attack sources. Existing blacklisting techniques have  
focused on the most prolific attack sources and, more recently, on  
collaborative blacklisting. In this paper, we formulate the problem of  
forecasting attack sources (also referred to as predictive  
blacklisting) based on shared attack logs as an implicit  
recommendation system. We compare the performance of existing  
approaches against the upper bound for prediction, and we demonstrate  
that there is much room for improvement. Inspired by the recent  
Netflix competition, we propose a multi-level prediction model that is  
adjusted and tuned specifically for the attack forecasting problem.  
Our model captures and combines various factors, namely: attacker-victim
history (using time-series) and attackers and/or victims  
interactions (using neighborhood models). We evaluate our combined  
method on one month of logs from Dshield.org and demonstrate that it  
improves significantly the state-of-the-art.


Comments: 11 pages; Submitted to INFOCOM 2010
Subjects: Networking and Internet Architecture (cs.NI)
Cite as: arXiv:0908.2007v1 [cs.NI]
Submission history: From: Fabio Soldo
[v1] Fri, 14 Aug 2009 03:45:12 GMT (528kb,D)
