acm-header
Sign In

Communications of the ACM

ACM TechNews

Filtering Network Attacks With a 'netflix' Method


View as: Print Mobile App Share:

University of California, Irvine (UC Irvine) researchers have developed a new method for blacklisting spam, distributed denial-of-service attacks, worms, and other network attacks. The predictive blacklisting method, which was inspired by Netflix's moving ratings-recommendation system, uses a combination of factors to improve blacklisting, including trends in the times of attacks, geographical locations and IP address blocks, and any connections between the attacker and the victim, such as if an attacker has previously challenged the victim's network.

UC Irvine professor Athina Markopoulou says the predictive blacklisting method "formalizes the blacklisting problem" in regards to predicting the sources of attacks. The researchers found that their method improves predictive blacklisting, accurately predicting up to 70 percent of attacks. "The hit-count of our combined method improves the hit-count of the state of the art for every single day," Markopoulou says. She says the method could be applied to security logs gathered by firewalls, for example, helping an enterprise better defend itself against attacks.

The researchers tested their algorithms using hundreds of millions of logs from hundreds of networks, gathered over a one-month period. Markopoulou says the next step is to improve the prediction rate and to understand how attackers could evade the prediction method.

From Dark Reading
View Full Article

 

Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account