UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

On Collaborative Predictive Blacklisting

Melis, L; Pyrgelis, A; De Cristofaro, E; (2018) On Collaborative Predictive Blacklisting. ACM SIGCOMM Computer Communication Review , 48 (5) pp. 9-20. 10.1145/3310165.3310168. Green open access

[thumbnail of De Cristofaro_On Collaborative Predictive Blacklisting_AAM.pdf]
De Cristofaro_On Collaborative Predictive Blacklisting_AAM.pdf - Accepted version

Download (584kB) | Preview


Collaborative predictive blacklisting (CPB) allows to forecast future attack sources based on logs and alerts contributed by multiple organizations. Unfortunately, however, research on CPB has only focused on increasing the number of predicted attacks but has not considered the impact on false positives and false negatives. Moreover, sharing alerts is often hindered by confidentiality, trust, and liability issues, which motivates the need for privacy-preserving approaches to the problem. In this paper, we present a measurement study of state-of-the-art CPB techniques, aiming to shed light on the actual impact of collaboration. To this end, we reproduce and measure two systems: a non privacy-friendly one that uses a trusted coordinating party with access to all alerts [12] and a peer-to-peer one using privacy-preserving data sharing [8]. We show that, while collaboration boosts the number of predicted attacks, it also yields high false positives, ultimately leading to poor accuracy. This motivates us to present a hybrid approach, using a semi-trusted central entity, aiming to increase utility from collaboration while, at the same time, limiting information disclosure and false positives. This leads to a better trade-off of true and false positive rates, while at the same time addressing privacy concerns.

Type: Article
Title: On Collaborative Predictive Blacklisting
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/3310165.3310168
Publisher version: https://doi.org/10.1145/3310165.3310168
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Collaborative Predictive Blacklisting; Privacy; Threat Mitigation
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10061779
Downloads since deposit
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item