DocumentCode :
1283961
Title :
Blacklisting Recommendation System: Using Spatio-Temporal Patterns to Predict Future Attacks
Author :
Soldo, Fabio ; Le, Anh ; Markopoulou, Athina
Author_Institution :
Electr. Eng. & Comput. Sci. Dept., Univ. of California, Irvine, CA, USA
Volume :
29
Issue :
7
fYear :
2011
fDate :
8/1/2011 12:00:00 AM
Firstpage :
1423
Lastpage :
1437
Abstract :
In this paper, we study the problem of forecasting attack sources based on past attack logs from several contributors. We formulate this problem as an implicit recommendation system, and we propose a multi-level prediction model to solve it. Our model evaluates and combines various factors, namely: (i) attacker-victim history using time-series, (ii) attacker and/or victim interactions using neighborhood models and (iii) global patterns using singular value decomposition. We evaluate our combined method, referred to as Blacklisting Recommendation System (or BRS), on one month of logs from Dshield, and we demonstrate that it significantly improves the prediction rate over state-of-the-art methods, as well as the robustness against poisoning attacks. Along the way, we analyze the Dshield dataset, and we reveal dominant patterns of malicious traffic.
Keywords :
recommender systems; singular value decomposition; SVD; blacklisting recommendation system; forecasting attack source; multilevel prediction model; recommendation system; spatio-temporal pattern; time series; IP networks; Noise; Prediction algorithms; Predictive models; Robustness; Security;
fLanguage :
English
Journal_Title :
Selected Areas in Communications, IEEE Journal on
Publisher :
ieee
ISSN :
0733-8716
Type :
jour
DOI :
10.1109/JSAC.2011.110808
Filename :
5963161