Highly Predictive Blacklisting

Highly Predictive Blacklisting. 5/10 黃瀚嶙.

Presentation Transcript
Introduction
  • GWOL-global worst offender list
  • LWOL-local worst offender list
  • HPB -highly predictive blacklisting
References
  • Highly Predictive Blacklisting

Jian Zhang, Phillip Porras, and Johannes Ullrich. Highly predictive blacklisting. In Usenix Security Symposium, 2008.

Blacklisting System -Prefiltering Logs
  • remove invalid or unassigned IP address space

-like 10.x.x.x or 192.168.x.x

  • use the whitelist
  • exclude specific port

-TCP 53 (DNS), 25 (SMTP), 80 (HTTP)…etc
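
The prefiltering steps listed above, applied to a few constructed log records. This is an added example, not code from the presentation or from the HPB authors; the record fields (`src`, `proto`, `dport`), the whitelist entry and the function name are assumptions.

```python
import ipaddress

# Ranges named on the slide; a real deployment would extend this list (assumption).
UNROUTABLE = [ipaddress.ip_network("10.0.0.0/8"),
              ipaddress.ip_network("192.168.0.0/16")]
# Ports the slide lists as excluded; the slide names TCP only, so UDP is kept.
EXCLUDED_TCP_PORTS = {53, 25, 80}


def prefilter(records, whitelist):
    """Return (kept, dropped); dropped maps each drop reason to a count."""
    allowed = [ipaddress.ip_network(n) for n in whitelist]
    kept = []
    dropped = {"invalid": 0, "unroutable": 0, "whitelist": 0, "port": 0}
    for rec in records:
        try:
            src = ipaddress.ip_address(rec["src"])
        except ValueError:
            dropped["invalid"] += 1      # malformed source field
            continue
        if any(src in net for net in UNROUTABLE):
            dropped["unroutable"] += 1   # 10.x.x.x or 192.168.x.x
        elif any(src in net for net in allowed):
            dropped["whitelist"] += 1    # known-benign source
        elif rec["proto"] == "tcp" and rec["dport"] in EXCLUDED_TCP_PORTS:
            dropped["port"] += 1         # excluded destination port
        else:
            kept.append(rec)
    return kept, dropped


# Constructed sample records (documentation address ranges, not real data).
SAMPLE = [
    {"src": "10.1.2.3", "proto": "tcp", "dport": 445},
    {"src": "192.168.0.9", "proto": "tcp", "dport": 22},
    {"src": "198.51.100.7", "proto": "tcp", "dport": 80},
    {"src": "198.51.100.7", "proto": "tcp", "dport": 445},
    {"src": "203.0.113.20", "proto": "tcp", "dport": 22},
    {"src": "203.0.113.99", "proto": "udp", "dport": 53},
    {"src": "not-an-ip", "proto": "tcp", "dport": 23},
]
WHITELIST = ["203.0.113.20/32"]  # hypothetical trusted scanner

if __name__ == "__main__":
    kept, dropped = prefilter(SAMPLE, WHITELIST)
    print(kept)
    print(dropped)
```

Counting drops per reason makes it visible when a whitelist or port rule is removing more of the log than intended.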

Blacklisting System -Relevance Ranking
  • relevance vector
  • There is a fast solution like
  • the rank of a source with respect to different contributors is different
Blacklisting System -Attack Pattern Severity
  • cm: total number of attack ports; cu: total number of unique ports
  • wm, wu: the weights of cm and cu
  • TC(s): unique target IP addresses connected to by attacker s.
  • malware severity score
Blacklisting System -Blacklist Production
  • final blacklist for each contributor

-k :relevance rank of the attacker

-L:final list length

Conclusion
  • new attacker prediction quality
  • new system to generate blacklists