Sciweavers

INFOCOM
2010
IEEE

Predictive Blacklisting as an Implicit Recommendation System

13 years 9 months ago
Predictive Blacklisting as an Implicit Recommendation System
A widely used defense practice against malicious traffic on the Internet is to maintain blacklists, i.e., lists of prolific attack sources that have generated malicious activity in the past and are considered likely to do so in the future. Traditional blacklisting techniques have typically focused on the prolific attack sources and, more recently, on collaborative blacklisting. In this paper, we study predictive blacklisting, i.e., the problem of forecasting attack sources based on past, shared attack logs, and we formulate it as an implicit recommendation system. Inspired by the recent Netflix competition, we propose a multilevel prediction model that is tailored specifically for the attack forecasting problem. Our model captures and combines various factors, namely: attacker-victim history (using time-series) and attackers and/or victims interactions (using neighborhood models). We evaluate our combined method on one-month of logs from Dshield.org and we demonstrate that it improves ...
Fabio Soldo, Anh Le, Athina Markopoulou
Added 13 Feb 2011
Updated 13 Feb 2011
Type Journal
Year 2010
Where INFOCOM
Authors Fabio Soldo, Anh Le, Athina Markopoulou
Comments (0)