ABSTRACT
Fighting global security threats with only a local view is inherently difficult. Internet network operators need to fight global phenomena such as botnets, but they are hampered by the fact that operators can observe only the traffic in their local domains. We propose a collaborative approach to this problem, in which operators share aggregate information about the traffic in their respective domains through an automated query mechanism. We argue that existing work on differential privacy and type systems can be leveraged to build a programmable query mechanism that can express a wide range of queries while limiting what can be learned about individual customers. We report on our progress towards building such a mechanism, and we discuss opportunities and challenges of the collaborative security approach.
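The query mechanism sketched in this abstract can be illustrated with a small worked example. The Python below is added here as an illustration and is not code from the paper or its prototype: each operator keeps per-customer flow records inside its own domain and answers a collaborator's counting query through the Laplace mechanism of Dwork et al. (2006), with noise calibrated to the query's sensitivity and a per-operator privacy budget that caps the total epsilon spent. The flow records, the customer names, the operator names and the suspected command-and-control address 198.51.100.7 are all constructed for the example; the class and function names are hypothetical.

```python
"""Differentially private aggregate queries over per-customer traffic records.

Added illustration, not the paper's code. Each operator answers counting
queries only through a noisy interface, so a collaborator learns an
aggregate (e.g. "how many of your customers contacted host X") but the
influence of any single customer on the answer is bounded by epsilon.
"""
from __future__ import annotations

import random
from dataclasses import dataclass, field
from typing import Callable, List


# Hypothetical suspected C2 host (documentation address, constructed for the example).
C2_HOST = "198.51.100.7"


@dataclass(frozen=True)
class Flow:
    customer: str   # local customer identifier; never leaves the operator's domain
    dst: str        # remote endpoint the customer contacted
    nbytes: int


class BudgetExhausted(Exception):
    """Raised when a query would push the operator past its privacy budget."""


@dataclass
class PrivateOperator:
    """One network operator holding its own customers' flows."""
    name: str
    flows: List[Flow]
    epsilon_total: float          # total privacy budget this operator is willing to spend
    seed: int = 0                 # RNG seed, fixed here only so the example is reproducible
    epsilon_spent: float = field(default=0.0, init=False)

    def __post_init__(self) -> None:
        self._rng = random.Random(self.seed)

    def exact_count(self, predicate: Callable[[Flow], bool]) -> int:
        """Number of distinct customers with at least one matching flow.

        Counting each customer at most once bounds a single customer's
        influence on the result to 1, so the query's global sensitivity is 1
        regardless of how many flows that customer generated.
        """
        return len({f.customer for f in self.flows if predicate(f)})

    def private_count(self, predicate: Callable[[Flow], bool], epsilon: float) -> float:
        """Laplace mechanism: answer + Laplace(0, sensitivity / epsilon).

        The budget check runs before any data is touched, so once the
        budget is spent the operator refuses further queries outright.
        """
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.epsilon_spent + epsilon > self.epsilon_total:
            raise BudgetExhausted(
                f"{self.name}: budget {self.epsilon_total} would be exceeded "
                f"(spent {self.epsilon_spent}, requested {epsilon})")
        self.epsilon_spent += epsilon
        sensitivity = 1.0
        scale = sensitivity / epsilon
        # Laplace(0, scale) sampled as the difference of two i.i.d. Exp(1/scale) variates.
        noise = self._rng.expovariate(1.0 / scale) - self._rng.expovariate(1.0 / scale)
        return self.exact_count(predicate) + noise


def contacted(dst: str) -> Callable[[Flow], bool]:
    """Query predicate: flows whose destination is the given host."""
    return lambda f: f.dst == dst


def collaborative_count(operators: List[PrivateOperator],
                        predicate: Callable[[Flow], bool], epsilon: float) -> float:
    """Sum of each operator's noisy answer; no per-customer record leaves any domain.

    Each operator spends epsilon from its own budget, and the answers are
    independent, so the sum is still epsilon-differentially private for each
    operator's customers (the noise variances add, which is the price paid).
    """
    return sum(op.private_count(predicate, epsilon) for op in operators)


def sample_operators() -> List[PrivateOperator]:
    """Constructed sample data: two operators, a few customers each."""
    op_a = PrivateOperator("operator-A", [
        Flow("alice", C2_HOST, 512), Flow("alice", C2_HOST, 640),   # same customer, counted once
        Flow("alice", C2_HOST, 128), Flow("bob", C2_HOST, 300),
        Flow("carol", "203.0.113.5", 4096),
    ], epsilon_total=1.0, seed=1)
    op_b = PrivateOperator("operator-B", [
        Flow("dave", C2_HOST, 256), Flow("erin", "203.0.113.9", 2048),
    ], epsilon_total=1.0, seed=2)
    return [op_a, op_b]


if __name__ == "__main__":
    ops = sample_operators()
    print("noisy total contacting", C2_HOST, "=", collaborative_count(ops, contacted(C2_HOST), 0.5))
    for op in ops:
        print(op.name, "budget spent:", op.epsilon_spent, "of", op.epsilon_total)
```

The point of the deduplication in `exact_count` is the sensitivity bound: without it a single infected customer generating thousands of flows could shift the answer by thousands, and noise calibrated to sensitivity 1 would no longer hide that customer. Tracking the budget per operator is what keeps a collaborator from defeating the noise by simply repeating the same query.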
Index Terms
- Differential privacy for collaborative security