Predictive Blacklisting as an Implicit Recommendation System

Computer Science – Networking and Internet Architecture

Scientific paper


Comments: 11 pages; Submitted to INFOCOM 2010


A widely used defense against malicious traffic on the Internet is blacklisting: lists of prolific attack sources are compiled and shared. The goal of blacklists is to predict and block future attack sources. Existing blacklisting techniques have focused on the most prolific attack sources and, more recently, on collaborative blacklisting. In this paper, we formulate the problem of forecasting attack sources (also referred to as predictive blacklisting) based on shared attack logs as an implicit recommendation system. We compare the performance of existing approaches against the upper bound for prediction, and we demonstrate that there is much room for improvement. Inspired by the recent Netflix competition, we propose a multi-level prediction model that is adjusted and tuned specifically for the attack forecasting problem. Our model captures and combines various factors, namely attacker-victim history (using time series) and interactions among attackers and/or victims (using neighborhood models). We evaluate our combined method on one month of logs from Dshield.org and demonstrate that it significantly improves on the state of the art.
