Detecting Infection Source and Building Predictive Blacklists with an Attack-Source Scoring System
| Content Provider | Semantic Scholar |
|---|---|
| Author | Li, Liyun; Memon, W. Nasir |
| Abstract | We present a network behavior based scoring system dedicated to inferring the maliciousness of hosts outside the perimeter of an institution/enterprise. Our viewpoint is strictly from the perspective of a network administrator. The scores are generated for external hosts outside the perimeter of the institution where the system is deployed, which we call "attack-source score". The unique property of our approach is that we believe most infections stem from interactions with unknown external hosts, with the assumption that the external hosts are "responsible" and "accusable" when their internal counterpart exhibits malicious/suspicious behavior. This unique feature of our approach makes our system independent of particular attack vectors and abstracts away attack characteristics. With a real deployment, we show by experiments that the system provides a global view of the maliciousness/risks of external hosts, and demonstrate the application of our system in two use cases: (1) detecting the infection source or a ranked list of suspected infection sources for network forensic and incident response purposes; (2) building a predictive blacklist to help network administrators be aware of potentially dangerous external IPs even before an attack has been detected and the IP has appeared on third-party blacklists. |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://www.albany.edu/iasymposium/proceedings/2013/14-LiMemon.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |