Systems Seminar - CSE
Blacklisting and Filtering Sources of Malicious Traffic
Add to Google Calendar
Dealing with malicious traffic on the Internet is a difficult problem that requires the synergy of several components. In this talk, we focus
on two widely used defense mechanisms, namely blacklisting and filtering of malicious sources.
The first part of the talk is about blacklists, i.e., lists of IP
sources that are considered likely to generate malicious activity in
the future. We formulate the problem of constructing predictive
blacklists, based on past logs, as an implicit recommendation system.
We propose a multi-level prediction model that captures various
patterns of malicious behavior, including: the attacker-victim history
(using time-series) as well as attackers' and/or victims' interactions
(using neighborhood models). Using one-month of Dshield.org logs, we
demonstrate that our combined method significantly improves the prediction rate and the robustness against poisoning attacks, compared
to state-of-the-art methods.
The second part of the talk is about source-based filtering of
malicious traffic using access control lists (ACLs). Filters (ACLs)
are already available at the routers today but are a scarce resource
because they are stored in TCAM. Aggregation can help in practice: a
single filter can be used to block an entire IP prefix, thus reducing
the number of filters but also blocking legitimate traffic. We present
a framework for optimal source-based filtering for a range of attack
scenarios and operator's policies. We develop optimal, yet
computationally efficient, algorithms and we demonstrate that they
perform well in practice.
Athina Markopoulou is an assistant professor in EECS at the University
of California, Irvine. She received the Diploma degree in Electrical
and Computer Engineering from the National Technical University of
Athens, Greece, in 1996, and the Master's and Ph.D. degrees in
Electrical Engineering from Stanford University, in 1998 and 2003
respectively. Her research interests include network coding, network
security and Internet measurements. She received the NSF CAREER award