[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
research-article

On collaborative predictive blacklisting

Published: 28 January 2019 Publication History

Abstract

Collaborative predictive blacklisting (CPB) allows to forecast future attack sources based on logs and alerts contributed by multiple organizations. Unfortunately, however, research on CPB has only focused on increasing the number of predicted attacks but has not considered the impact on false positives and false negatives. Moreover, sharing alerts is often hindered by confidentiality, trust, and liability issues, which motivates the need for privacy-preserving approaches to the problem. In this paper, we present a measurement study of state-of-the-art CPB techniques, aiming to shed light on the actual impact of collaboration. To this end, we reproduce and measure two systems: a non privacy-friendly one that uses a trusted coordinating party with access to all alerts [12] and a peer-to-peer one using privacy-preserving data sharing [8]. We show that, while collaboration boosts the number of predicted attacks, it also yields high false positives, ultimately leading to poor accuracy. This motivates us to present a hybrid approach, using a semi-trusted central entity, aiming to increase utility from collaboration while, at the same time, limiting information disclosure and false positives. This leads to a better trade-off of true and false positive rates, while at the same time addressing privacy concerns.

References

[1]
Symantec DeepSight. https://symc.ly/2rXxB1w.
[2]
U.S. Anti-Bot Code of Conduct for Internet service providers: Barriers and Metrics Considerations {PDF}. https://is.gd/OgTCOG, 2013.
[3]
Facebook ThreatExchange. https://threatexchange.fb.com, 2015.
[4]
D. Chakrabarti, S. Papadimitriou, D. S. Modha, and C. Faloutsos. Fully automatic cross-associations. In ACM KDD, 2004.
[5]
E. De Cristofaro, P. Gasti, and G. Tsudik. Fast and Private Computation of Cardinality of Set Intersection and Union. In CANS, 2012.
[6]
E. De Cristofaro and G. Tsudik. Practical private set intersection protocols with linear complexity. In Financial Cryptography and Data Security, 2010.
[7]
E. De Cristofaro and G. Tsudik. Experimenting with fast private set intersection. In TRUST, 2012.
[8]
J. Freudiger, E. De Cristofaro, and A. Brito. Controlled Data Sharing for Collaborative Predictive Blacklisting. In DIMVA, 2015.
[9]
S. Kamara, P. Mohassel, M. Raykova, and S. Sadeghian. Scaling private set intersection to billion-element sets. In FC. 2014.
[10]
S. Katti, B. Krishnamurthy, and D. Katabi. Collaborating against common enemies. In ACM IMC, 2005.
[11]
L. Melis, G. Danezis, and E. De Cristofaro. Efficient Private Statistics with Succinct Sketches. In NDSS, 2016.
[12]
F. Soldo, A. Le, and A. Markopoulou. Predictive blacklisting as an implicit recommendation system. In INFOCOM, 2010.
[13]
The White House. Executive order promoting private sector cybersecurity information sharing. http://1.usa.gov/1vISfBO, 2015.
[14]
J. Zhang, P. A. Porras, and J. Ullrich. Highly predictive blacklisting. In USENIX, 2008.

Cited By

View all
  • (2024)Amortizing Circuit-PSI in the Multiple Sender/Receiver SettingIACR Communications in Cryptology10.62056/a0fhsgvtwOnline publication date: 7-Oct-2024
  • (2024)Access-Side DDoS Defense for Space-Air-Ground Integrated 6G V2X NetworksIEEE Open Journal of the Communications Society10.1109/OJCOMS.2024.33937525(2847-2868)Online publication date: 2024
  • (2023)Distance-aware private set intersectionProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620256(319-336)Online publication date: 9-Aug-2023
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGCOMM Computer Communication Review
ACM SIGCOMM Computer Communication Review  Volume 48, Issue 5
October 2018
83 pages
ISSN:0146-4833
DOI:10.1145/3310165
Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 January 2019
Published in SIGCOMM-CCR Volume 48, Issue 5

Check for updates

Badges

Author Tags

  1. collaborative predictive blacklisting
  2. privacy
  3. threat mitigation

Qualifiers

  • Research-article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)33
  • Downloads (Last 6 weeks)1
Reflects downloads up to 18 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2024)Amortizing Circuit-PSI in the Multiple Sender/Receiver SettingIACR Communications in Cryptology10.62056/a0fhsgvtwOnline publication date: 7-Oct-2024
  • (2024)Access-Side DDoS Defense for Space-Air-Ground Integrated 6G V2X NetworksIEEE Open Journal of the Communications Society10.1109/OJCOMS.2024.33937525(2847-2868)Online publication date: 2024
  • (2023)Distance-aware private set intersectionProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620256(319-336)Online publication date: 9-Aug-2023
  • (2022)Limiting the Size of a Predictive Blacklist While Maintaining Sufficient AccuracyProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3539007(1-6)Online publication date: 23-Aug-2022
  • (2022)BlackEye: automatic IP blacklisting using machine learning from security logsWireless Networks10.1007/s11276-019-02201-528:2(937-948)Online publication date: 1-Feb-2022
  • (2020)Predictive Cyber Situational Awareness and Personalized BlacklistingACM Transactions on Management Information Systems10.1145/338625011:4(1-16)Online publication date: 23-Sep-2020
  • (2020)Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis Attributes HTTP RequestProgramming and Computing Software10.1134/S036176882005007246:5(351-361)Online publication date: 1-Sep-2020
  • (2019)Evaluating the artifacts of SIGCOMM papersACM SIGCOMM Computer Communication Review10.1145/3336937.333694449:2(44-47)Online publication date: 21-May-2019

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media