Melis, L; Pyrgelis, A; De Cristofaro, E; (2018) On Collaborative Predictive Blacklisting. ACM SIGCOMM Computer Communication Review , 48 (5) pp. 9-20. 10.1145/3310165.3310168.

Preview

Text De Cristofaro_On Collaborative Predictive Blacklisting_AAM.pdf - Accepted Version Download (584kB) | Preview

Abstract

Collaborative predictive blacklisting (CPB) allows to forecast future attack sources based on logs and alerts contributed by multiple organizations. Unfortunately, however, research on CPB has only focused on increasing the number of predicted attacks but has not considered the impact on false positives and false negatives. Moreover, sharing alerts is often hindered by confidentiality, trust, and liability issues, which motivates the need for privacy-preserving approaches to the problem. In this paper, we present a measurement study of state-of-the-art CPB techniques, aiming to shed light on the actual impact of collaboration. To this end, we reproduce and measure two systems: a non privacy-friendly one that uses a trusted coordinating party with access to all alerts [12] and a peer-to-peer one using privacy-preserving data sharing [8]. We show that, while collaboration boosts the number of predicted attacks, it also yields high false positives, ultimately leading to poor accuracy. This motivates us to present a hybrid approach, using a semi-trusted central entity, aiming to increase utility from collaboration while, at the same time, limiting information disclosure and false positives. This leads to a better trade-off of true and false positive rates, while at the same time addressing privacy concerns.

Downloads since deposit

Loading...

119Downloads

Download activity - last month

Export as JSONCSVXML

Loading...

Download activity - last 12 months

Export as XMLCSVJSON

Loading...

Downloads by country - last 12 months

Export as XMLCSVJSON

Loading...

Archive Staff Only

View Item