A robust algorithm for predicting attacks using collaborative security logs

Amir Rezapour, Wen Guey Tzeng

Research output: Contribution to journalArticlepeer-review

1 Scopus citations

Abstract

As networks become ubiquitous in our daily lives, users rely more on networks for exchanging data and communication. However, numerous new and sophisticated attacks that endanger security of users have been reported. In practice, blacklisting illicit sources has been a fundamental defense strategy in recent years. In this paper, we propose a predictor that is based on the observations from a centralized log-sharing infrastructure. Our observations include the direct relation between attackers and victims, victim similarities, and attacker correlations. We compile a customized blacklist for each Dshield.org contributor using a weighted function of direct and indirect relations between victims and attackers. This list not only offers a significantly higher prediction ratio, but also includes source addresses with potentially higher threats. We evaluate our predictor using two months of malicious activities acquired from Dshield.org. The experimental results demonstrate a significant improvement over previous algorithms.

Original languageEnglish
Pages (from-to)597-619
Number of pages23
JournalJournal of Information Science and Engineering
Volume36
Issue number3
DOIs
StatePublished - May 2020

Keywords

  • Association rule mining
  • Data mining
  • IP blacklisting
  • Machine learning
  • Network security
  • Prediction algorithms

Fingerprint

Dive into the research topics of 'A robust algorithm for predicting attacks using collaborative security logs'. Together they form a unique fingerprint.

Cite this