[CPCC] SEMINAR: Preventing Malicious Traffic on the Internet 2/8 10 AM

Ender Ayanoglu ayanoglu at uci.edu
Mon Feb 1 19:35:00 PST 2010


                              CPCC SEMINAR

         Predictive Blacklisting as an Implicit Recommendation System

                                   by

                              Fabio Soldo

                        February 8, 2010, Monday
                                 10 AM
                        Engineering Gateway 3161


                                ABSTRACT

A widely used defense practice against malicious traffic on the
Internet is to maintain blacklists, i.e., lists of prolific attack
sources that have generated malicious activity in the past and are
considered likely to do so in the future. Traditional blacklisting
techniques have typically focused on the prolific attack sources and,
more recently, on collaborative blacklisting. In this talk, we study
predictive blacklisting, i.e., the problem of forecasting attack
sources based on past, shared attack logs, and we formulate it as an
implicit recommendation system. Inspired by the recent Netflix
competition, we propose a multilevel prediction model that is tailored
specifically for the attack forecasting problem. Our model captures
and combines various factors, namely: attacker-victim history (using
time-series) and attacker and/or victim interactions (using
neighborhood models). We evaluate our combined method on one month of
logs from Dshield.org and we demonstrate that it significantly
improves the prediction rate over state-of-the-art methods as
well as the robustness against poisoning attacks.


                          SPEAKER'S BIOGRAPHY

Fabio Soldo received his M.S. degree in Mathematical Engineering from
Politecnico di Torino and Politecnico di Milano, Italy, in 2006 and
his B.S. degree in Mathematics from Politecnico di Torino, Italy, in
2004. He worked as a Research Intern at DoCoMo Euro-Labs and
Telefonica Research, in 2008 and 2009 respectively. He is currently
working towards the Ph.D. degree at the University of California,
Irvine. His research interests include design and optimization of
network algorithms and network protocols, data mining for large-scale
systems and defense mechanisms against malicious traffic on the
Internet.

