Highly predictive blacklisting

Authors: Johannes Ullrich, Phillip Porras, Jian Zhang

DOI:

Keywords:

Abstract: The notion of blacklisting communication sources has been a well-established defensive measure since the origins of the Internet community. In particular, the practice of compiling and sharing lists of the worst offenders of unwanted traffic is a strategy that has remained virtually unquestioned over many years. But do individuals who incorporate such blacklists into their perimeter defenses benefit from the contents as much as they could from other list-generation strategies? In this paper, we will argue that there exist better alternative blacklist generation strategies that can produce higher-quality results for an individual network. We introduce a system based on a relevance ranking scheme borrowed from link analysis that produces customized blacklists for those who choose to contribute data to a centralized log-sharing infrastructure. The scheme measures how closely related an attack source is to a contributor, using the attacker's history and the contributor's recent log production patterns. The system also integrates substantive prefiltering and a severity metric that captures the degree to which alert patterns match those of common malware-propagation behavior. Our intent is to yield individualized blacklists that not only achieve significantly higher hit rates but also include the addresses that pose the greatest potential threat. We tested our system on a corpus of 700 million entries produced by the DShield center; the results show that it enhances hit counts and proactively includes attacker addresses in a timely fashion. An early form of the system has been fielded to contributors over the last year.

References (17)
Marco Gori, Augusto Pucci. ItemRank: a random-walk based scoring algorithm for recommender engines. International Joint Conference on Artificial Intelligence, pp. 2766–2771 (2007).
Johannes Ullrich, Phillip Porras, Jian Zhang. A new service for increasing the effectiveness of network address blacklists. Conference on Steps to Reducing Unwanted Traffic on the Internet, pp. 4– (2007).
Brad Karp, Hyang-Ah Kim. Autograph: toward automated, distributed worm signature detection. USENIX Security Symposium, p. 19 (2004).
K.G. Anagnostakis, M.B. Greenwald, S. Ioannidis, A.D. Keromytis, Dekai Li. A cooperative immunization system for an untrusting Internet. International Conference on Networks, pp. 403–408 (2003). doi:10.1109/ICON.2003.1266224
Jaeyeon Jung, V. Paxson, A.W. Berger, H. Balakrishnan. Fast portscan detection using sequential hypothesis testing. IEEE Symposium on Security and Privacy, pp. 211–225 (2004). doi:10.1109/SECPRI.2004.1301325
Don Coppersmith, Shmuel Winograd. Matrix multiplication via arithmetic progressions. Journal of Symbolic Computation, vol. 9, pp. 251–280 (1990). doi:10.1016/S0747-7171(08)80013-2
Zesheng Chen, Chuanyi Ji. Optimal worm-scanning method using vulnerable-host distributions. International Journal of Security and Networks, vol. 2, pp. 71–80 (2007). doi:10.1504/IJSN.2007.012826
Dina Katabi, Balachander Krishnamurthy, Sachin Katti. Collaborating against common enemies. Internet Measurement Conference, p. 34 (2005). doi:10.5555/1251086.1251120
Sergey Brin, Lawrence Page. The anatomy of a large-scale hypertextual Web search engine. The Web Conference, vol. 30, pp. 107–117 (1998). doi:10.1016/S0169-7552(98)00110-X
Vinod Yegneswaran, Paul Barford, Johannes Ullrich. Internet intrusions: global characteristics and prevalence. Measurement and Modeling of Computer Systems, vol. 31, pp. 138–147 (2003). doi:10.1145/781027.781045