A widely used defense practice against malicious traffic on the Internet is to maintain blacklists, i.e., lists of prolific attack sources that have generated malicious activity in the past and are considered likely to do so in the future. Traditional blacklisting techniques have typically focused on the most prolific attack sources and, more recently, on collaborative blacklisting. In this paper, we study predictive blacklisting, i.e., the problem of forecasting attack sources based on past, shared attack logs, and we formulate it as an implicit recommendation system. Inspired by the recent Netflix competition, we propose a multilevel prediction model that is tailored specifically to the attack forecasting problem. Our model captures and combines various factors, namely attacker-victim history (using time series) and interactions among attackers and/or victims (using neighborhood models). We evaluate our combined method on one month of logs from Dshield.org and demonstrate that it significantly improves the prediction rate over state-of-the-art methods, as well as the robustness against poisoning attacks.
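The following is an added illustration of combining an attacker-victim history factor with a victim-neighborhood factor to rank a per-victim blacklist; it is not the paper's model or code. The exponential decay, the Jaccard similarity, the `neighbor_weight` parameter and all function names are assumptions chosen for the sketch, and the log entries are constructed.

```python
from collections import defaultdict

# Constructed sample log (day, attacker IP, victim network); not real DShield data.
LOGS = [
    (3, "198.51.100.7", "netA"), (4, "198.51.100.7", "netA"),
    (1, "203.0.113.9", "netA"),
    (4, "198.51.100.7", "netB"), (2, "203.0.113.9", "netB"),
    (3, "192.0.2.44", "netB"), (4, "192.0.2.44", "netB"),
    (4, "192.0.2.200", "netC"),
]

def history_scores(logs, now, decay=0.5):
    """Time-series factor (assumed form): decayed report count per (attacker, victim)."""
    scores = defaultdict(float)
    for day, attacker, victim in logs:
        if day < now:  # forecast from past reports only
            scores[(attacker, victim)] += decay ** (now - day)
    return scores

def victim_similarity(logs, now):
    """Neighborhood factor (assumed form): Jaccard overlap of two victims' attacker sets."""
    seen = defaultdict(set)
    for day, attacker, victim in logs:
        if day < now:
            seen[victim].add(attacker)
    def sim(u, v):
        union = seen[u] | seen[v]
        return len(seen[u] & seen[v]) / len(union) if union else 0.0
    return sim

def predict_blacklist(logs, victim, now, top_n=2, neighbor_weight=0.5):
    """Rank attackers for `victim` by its own history plus similar victims' history."""
    hist = history_scores(logs, now)
    sim = victim_similarity(logs, now)
    combined = defaultdict(float)
    for (attacker, seen_at), score in hist.items():
        if seen_at == victim:
            combined[attacker] += score
        else:
            # Reports at other victims count in proportion to how similar they are.
            combined[attacker] += neighbor_weight * sim(victim, seen_at) * score
    ranked = sorted((a for a in combined if combined[a] > 0),
                    key=lambda a: (-combined[a], a))
    return ranked[:top_n]

if __name__ == "__main__":
    print("combined    :", predict_blacklist(LOGS, "netA", now=5))
    print("history only:", predict_blacklist(LOGS, "netA", now=5, neighbor_weight=0.0))
```

With `neighbor_weight=0.0` the ranking falls back to each victim's own history, so a source that has only hit a similar network never appears; with the neighborhood term it can outrank a source last seen at the victim several days earlier.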