
2015 | OriginalPaper | Book chapter

Controlled Data Sharing for Collaborative Predictive Blacklisting

Authors: Julien Freudiger, Emiliano De Cristofaro, Alejandro E. Brito

Published in: Detection of Intrusions and Malware, and Vulnerability Assessment

Publisher: Springer International Publishing


Abstract

Although data sharing across organizations is often advocated as a promising way to enhance cybersecurity, collaborative initiatives are rarely put into practice owing to confidentiality, trust, and liability challenges. We investigate whether collaborative threat mitigation can be realized via controlled data sharing. With such an approach, organizations make informed decisions as to whether or not to share data, and how much. We propose using cryptographic tools for entities to estimate the benefits of collaboration and agree on what to share without having to disclose their datasets (i.e., in a privacy-preserving way). We focus on collaborative predictive blacklisting: Forecasting attack sources based on one’s logs and those contributed by other organizations. We study the impact of different sharing strategies by experimenting on a real-world dataset of two billion suspicious IP addresses collected from Dshield over two months. We find that controlled data sharing yields up to 105 % accuracy improvement on average, while also reducing the false positive rate.

Metadata
Title
Controlled Data Sharing for Collaborative Predictive Blacklisting
Authors
Julien Freudiger
Emiliano De Cristofaro
Alejandro E. Brito
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-20550-2_17