3 research outputs found
Network entity characterization and attack prediction
The devastating effects of cyber-attacks, highlight the need for novel attack
detection and prevention techniques. Over the last years, considerable work has
been done in the areas of attack detection as well as in collaborative defense.
However, an analysis of the state of the art suggests that many challenges
exist in prioritizing alert data and in studying the relation between a
recently discovered attack and the probability of it occurring again. In this
article, we propose a system that is intended for characterizing network
entities and the likelihood that they will behave maliciously in the future.
Our system, namely Network Entity Reputation Database System (NERDS), takes
into account all the available information regarding a network entity (e. g. IP
address) to calculate the probability that it will act maliciously. The latter
part is achieved via the utilization of machine learning. Our experimental
results show that it is indeed possible to precisely estimate the probability
of future attacks from each entity using information about its previous
malicious behavior and other characteristics. Ranking the entities by this
probability has practical applications in alert prioritization, assembly of
highly effective blacklists of a limited length and other use cases.Comment: 30 pages, 8 figure
The Cooperative Defense Overlay Network: A Collaborative Automated Threat Information Sharing Framework for a Safer Internet
With the ever-growing proliferation of hardware and software-based computer security exploits and the increasing power and prominence of distributed attacks, network and system administrators are often forced to make a difficult decision: expend tremendous resources on defense from sophisticated and continually evolving attacks from an increasingly dangerous Internet with varying levels of success; or expend fewer resources on defending against common attacks on "low hanging fruit," hoping to avoid the less common but incredibly devastating zero-day worm or botnet attack. Home networks and small organizations are usually forced to choose the latter option and in so doing are left vulnerable to all but the simplest of attacks. While automated tools exist for sharing information about network-based attacks, this sharing is typically limited to administrators of large networks and dedicated security-conscious users, to the exclusion of smaller organizations and novice home users. In this thesis we propose a framework for a cooperative defense overlay network (CODON) in which participants with varying technical abilities and resources can contribute to the security and health of the internet via automated crowdsourcing, rapid information sharing, and the principle of collateral defense