PageRank-like algorithm creates predictive malware blacklist
Written by Daniel   
Friday, 25 July 2008 11:34

It's easy to create a blacklist of sites that have initiated malware attacks on a server, and use that to configure a firewall to prevent further problems.

By John Timmer | Published: July 25, 2008 - 09:45AM CT

But these blacklists are purely retrospective, since sources only appear in the blacklist after attacks have occurred. The DShield project is an attempt to improve upon this. System administrators can upload their firewall logs, which are then processed to identify sources of malware, allowing them to be blacklisted on servers they haven't attacked yet. Some computer scientists have now used the information present in DShield to make predictions of future attacks for specific servers based on the fact that malware displays some network effects.

The motivation for the work is that some malware sources will be more relevant than others; the trick is identifying them based on firewall logs. The authors attempt to do this via a two-pronged approach. The first is simply an evaluation of the source's maliciousness that creates a score based on the potential for havoc that a given attack might create. The second prong is where network effects are evaluated in order to improve the predictive value of the blacklist.

The authors noted that patterns of malware attacks often show network effects. Individual pairs of DShield log contributors often show similar patterns of attacks, meaning that if a malware source attacks one, it's likely to go after the other half of the pair. On a larger scale, these pairs form clusters where, once an attacker goes after several members of a cluster, it's likely to eventually attack the rest. Individual contributors may belong to many clusters, but those clusters appear to be stable over time.  [ARSTechnica...]
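To make the network-effects prong concrete, here is an added sketch (not code from the article or from the researchers) that ranks, for one log contributor, the sources it has not yet seen by propagating "this source hit a similar contributor" across a contributor-overlap graph. The overlap weighting, the damping value, the function names and the sample log are all assumptions made for illustration, and the maliciousness-scoring prong is left out.

```python
from collections import defaultdict

# Constructed sample: (contributor, attacking source) pairs as they might be
# extracted from uploaded firewall logs. Addresses are documentation ranges.
LOGS = [
    ("A", "192.0.2.1"), ("A", "192.0.2.2"), ("A", "192.0.2.3"),
    ("B", "192.0.2.1"), ("B", "192.0.2.2"), ("B", "198.51.100.7"),
    ("C", "192.0.2.3"), ("C", "198.51.100.7"),
    ("D", "203.0.113.9"),
]

def attackers_by_contributor(logs):
    seen = defaultdict(set)
    for contributor, source in logs:
        seen[contributor].add(source)
    return dict(seen)

def similarity(seen):
    """Row-normalised overlap: how much of v's shared history is with u."""
    w = {}
    for v in seen:
        overlap = {u: len(seen[v] & seen[u]) for u in seen if u != v}
        total = sum(overlap.values())
        w[v] = {u: (n / total if total else 0.0) for u, n in overlap.items()}
    return w

def relevance(seen, source, damping=0.5, rounds=20):
    """Score how relevant `source` is to each contributor, PageRank-style:
    a direct hit counts 1, and score flows in from similar contributors."""
    w = similarity(seen)
    base = {v: 1.0 if source in seen[v] else 0.0 for v in seen}
    score = dict(base)
    for _ in range(rounds):  # assumed damping < 1 keeps the iteration stable
        score = {v: base[v] + damping * sum(w[v][u] * score[u] for u in w[v])
                 for v in seen}
    return score

def predictive_blacklist(logs, contributor, size=3):
    """Rank sources that have NOT yet hit `contributor` by propagated score."""
    seen = attackers_by_contributor(logs)
    candidates = {s for hits in seen.values() for s in hits} - seen[contributor]
    scored = [(relevance(seen, s)[contributor], s) for s in candidates]
    ranked = sorted((x for x in scored if x[0] > 0), key=lambda x: (-x[0], x[1]))
    return [s for _, s in ranked[:size]]

if __name__ == "__main__":
    for name in "ABCD":
        print(name, predictive_blacklist(LOGS, name))
```

Contributor D shares no attackers with anyone in the sample, so it receives no predicted entries: the network effect only helps contributors whose logs overlap with others.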
