Predictive Blacklisting as an Implicit Recommendation System

Monday, February 8, 2010 - 6:00 p.m. to Tuesday, February 9, 2010 - 6:55 p.m.
Center for Pervasive Communications and Computing Seminar Series

Featuring Fabio Soldo
Ph.D. Candidate
The Henry Samueli School of Engineering, UC Irvine

Location: Engineering Gateway 3161
Free and open to the public

Abstract:
A widely used defense practice against malicious traffic on the Internet is to maintain blacklists, i.e., lists of prolific attack sources that have generated malicious activity in the past and are considered likely to do so in the future. Traditional blacklisting techniques have typically focused on the most prolific attack sources and, more recently, on collaborative blacklisting. In this talk, we study predictive blacklisting, i.e., the problem of forecasting attack sources from past, shared attack logs, and we formulate it as an implicit recommendation system. Inspired by the recent Netflix competition, we propose a multilevel prediction model tailored specifically to the attack forecasting problem. Our model captures and combines several factors, namely attacker-victim history (using time series) and attacker and/or victim interactions (using neighborhood models). We evaluate our combined method on one month of logs from Dshield.org and demonstrate that it significantly improves the prediction rate over state-of-the-art methods as well as the robustness against poisoning attacks.
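As an added illustration of the recommendation-system framing described in the abstract (this is example code written for this page, not the speaker's model or DShield data), the following combines a per-victim time-series term with a victim-neighborhood term to rank likely attackers for the next day. The decay factor, Jaccard similarity, blending weight and the log entries are all assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed sample log of (day, victim, attacker) tuples; not real DShield data.
LOG = [
    (1, "v1", "a1"), (2, "v1", "a1"), (3, "v1", "a1"),  # persistent attacker of v1
    (1, "v1", "a2"),                                     # one-off hit, long ago
    (1, "v2", "a1"), (2, "v2", "a3"), (3, "v2", "a3"),
    (3, "v3", "a1"), (3, "v3", "a3"), (3, "v3", "a4"),
    (2, "v4", "a5"),                                     # isolated victim, no neighbors
]
HORIZON = 3   # last day in the log; we forecast attackers for day HORIZON + 1

def time_series_scores(log, horizon, decay=0.5):
    """Per (victim, attacker): exponentially decayed count of past attack days.
    Recent activity weighs more, mirroring the attacker-victim history term."""
    scores = defaultdict(float)
    for day, victim, attacker in log:
        scores[(victim, attacker)] += decay ** (horizon - day)
    return scores

def victim_similarity(log):
    """Jaccard similarity between victims' attacker sets (the victim neighborhood)."""
    attackers = defaultdict(set)
    for _, victim, attacker in log:
        attackers[victim].add(attacker)
    sim = {}
    for v in attackers:
        for w in attackers:
            if v != w:
                inter = len(attackers[v] & attackers[w])
                union = len(attackers[v] | attackers[w])
                sim[(v, w)] = inter / union if union else 0.0
    return sim

def predict(log, horizon, victim, k=2, alpha=0.6):
    """Rank attackers for `victim`: alpha * own history + (1 - alpha) * neighbors' history.
    The neighborhood term lets a source that never hit this victim still be predicted."""
    ts = time_series_scores(log, horizon)
    sim = victim_similarity(log)
    candidates = {a for _, _, a in log}
    combined = {}
    for a in candidates:
        own = ts.get((victim, a), 0.0)
        nbhd = sum(s * ts.get((w, a), 0.0) for (v, w), s in sim.items() if v == victim)
        combined[a] = alpha * own + (1 - alpha) * nbhd
    # Deterministic ordering: highest score first, ties broken by attacker id.
    return sorted(combined, key=lambda a: (-combined[a], a))[:k]
```

For "v1" the top two are "a1" (its own persistent attacker) and "a3", which never attacked "v1" but is active against the similar victims "v2" and "v3".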

About the Speaker:
Fabio Soldo received his M.S. degree in mathematical engineering from Politecnico di Torino and Politecnico di Milano, Italy, in 2006, and his B.S. degree in mathematics from Politecnico di Torino, Italy, in 2004. He worked as a research intern at DoCoMo Euro-Labs and Telefonica Research, in 2008 and 2009 respectively. He is currently working towards a Ph.D. degree at the University of California, Irvine. His research interests include the design and optimization of network algorithms and network protocols, data mining for large-scale systems, and defense mechanisms against malicious traffic on the Internet.