Network Convergence & Security Laboratory

Dear all,

In the next seminar, I'll introduce the paper "BLAG: Improving the Accuracy of Blacklists", published at NDSS 2020.

The abstract is as follows.

ABSTRACT

IP address blacklists are a useful source of information about repeat attackers. Such information can be used to prioritize which traffic to divert for deeper inspection (e.g., repeat offender traffic), or which traffic to serve first (e.g., traffic from sources that are not blacklisted). But blacklists also suffer from overspecialization – each list is geared towards a specific purpose – and they may be inaccurate due to misclassification or stale information. We propose BLAG, a system that evaluates and aggregates multiple blacklists feeds, producing a more useful, accurate and timely master blacklist, tailored to the specific customer network. BLAG uses a sample of the legitimate sources of the customer network’s inbound traffic to evaluate the accuracy of each blacklist over regions of address space. It then leverages recommendation systems to select the most accurate information to aggregate into its master blacklist. Finally, BLAG identifies portions of the master blacklist that can be expanded into larger address regions (e.g. /24 prefixes) to uncover more malicious addresses with minimum collateral damage. Our evaluation of 157 blacklists of various attack types and three ground-truth datasets shows that BLAG achieves high specificity up to 99%, improves recall by up to 114 times compared to competing approaches, and detects attacks up to 13.7 days faster, which makes it a promising approach for blacklist generation.

 

Best regards,

Minhyeok Kang
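
A simplified illustration of the selective-expansion step the abstract describes, added here as an example and not taken from the BLAG paper or its code. It widens a blacklisted address to its /24 only when no sampled legitimate source falls in that prefix. This rule, the function names and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

# Constructed sample data: two blacklist feeds and a sample of the customer
# network's known-legitimate inbound sources (not real feed contents).
FEEDS = {
    "feed_a": ["198.51.100.7", "198.51.100.90", "203.0.113.5"],
    "feed_b": ["203.0.113.5", "192.0.2.44"],
}
LEGIT_SAMPLE = {ipaddress.ip_address(a) for a in ("203.0.113.80", "10.0.0.9")}


def aggregate(feeds):
    """Union of all feeds, de-duplicated, as ip_address objects."""
    return {ipaddress.ip_address(a) for addrs in feeds.values() for a in addrs}


def expand(listed, legit, prefix_len=24):
    """Widen each listed address to its covering prefix, unless that prefix
    also holds a sampled legitimate source; then keep the single address."""
    legit_prefixes = {
        ipaddress.ip_network(f"{a}/{prefix_len}", strict=False) for a in legit
    }
    master = set()
    for addr in listed:
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        if net in legit_prefixes:
            master.add(ipaddress.ip_network(addr))  # host route only
        else:
            master.add(net)
    return master


def collateral(master, legit):
    """Sampled legitimate sources that the master list would block."""
    return sorted(str(a) for a in legit if any(a in net for net in master))


if __name__ == "__main__":
    listed = aggregate(FEEDS)
    naive = expand(listed, set())            # expand everything to /24
    selective = expand(listed, LEGIT_SAMPLE)  # expand only "clean" prefixes
    print("naive collateral:    ", collateral(naive, LEGIT_SAMPLE))
    print("selective collateral:", collateral(selective, LEGIT_SAMPLE))
    print("selective master:    ", sorted(map(str, selective)))
```
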
