DocumentCode :
1592450
Title :
Shades of grey: On the effectiveness of reputation-based “blacklists”
Author :
Sinha, Sushant ; Bailey, Michael ; Jahanian, Farnam
Author_Institution :
Electr. Eng. & Comput. Sci. Dept., Univ. of Michigan, Ann Arbor, MI
fYear :
2008
Firstpage :
57
Lastpage :
64
Abstract :
Malicious code, or malware, executed on compromised hosts provides a platform for a wide variety of attacks against the availability of the network and the privacy and confidentiality of its users. Unfortunately, the most popular techniques for detecting and preventing malware have been shown to be significantly flawed, and it is widely believed that a significant fraction of the Internet consists of malware infected machines. In response, defenders have turned to coarse-grained, reputation-based techniques, such as real time blackhole lists, for blocking large numbers of potentially malicious hosts and network blocks. In this paper, we perform a preliminary study of a type of reputation-based blacklist, namely those used to block unsolicited email, or spam. We show that, for the network studied, these blacklists exhibit non-trivial false positives and false negatives. We investigate a number of possible causes for this low accuracy and discuss the implications for other types of reputation-based blacklists.
Keywords :
Internet; invasive software; unsolicited e-mail; Internet; malicious code; malware prevention; nontrivial false negative; nontrivial false positive; reputation-based blacklist; spam; unsolicited email; user privacy; Computer crime; Detectors; Ecosystems; Electronic mail; Feeds; Internet; Intrusion detection; Privacy; Uniform resource locators; Unsolicited electronic mail;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on
Conference_Location :
Fairfax, VI
Print_ISBN :
978-1-4244-3288-2
Electronic_ISBN :
978-1-4244-3289-9
Type :
conf
DOI :
10.1109/MALWARE.2008.4690858
Filename :
4690858