Software Seminar

Blacklisting and Filtering Sources of Malicious Traffic

Athina Markopoulou

Assistant Professor in EECS
University of California, Irvine
 
Monday, April 19, 2010
1:00pm - 2:00pm
3725 Beyster Bldg.

 

About the Event

Dealing with malicious traffic on the Internet is a difficult problem that requires the synergy of several components. In this talk, we focus on two widely used defense mechanisms, namely blacklisting and filtering of malicious sources.

The first part of the talk is about blacklists, i.e., lists of IP sources that are considered likely to generate malicious activity in the future. We formulate the problem of constructing predictive blacklists, based on past logs, as an implicit recommendation system. We propose a multi-level prediction model that captures various patterns of malicious behavior, including: the attacker-victim history (using time-series) as well as attackers' and/or victims' interactions (using neighborhood models). Using one-month of Dshield.org logs, we demonstrate that our combined method significantly improves the prediction rate and the robustness against poisoning attacks, compared to state-of-the-art methods.

The second part of the talk is about source-based filtering of malicious traffic using access control lists (ACLs). Filters (ACLs) are already available at the routers today but are a scarce resource because they are stored in TCAM. Aggregation can help in practice: a single filter can be used to block an entire IP prefix, thus reducing the number of filters but also blocking legitimate traffic. We present a framework for optimal source-based filtering for a range of attack scenarios and operator's policies. We develop optimal, yet computationally efficient, algorithms and we demonstrate that they perform well in practice.

Biography

Athina Markopoulou is an assistant professor in EECS at the University of California, Irvine. She received the Diploma degree in Electrical and Computer Engineering from the National Technical University of Athens, Greece, in 1996, and the Master's and Ph.D. degrees in Electrical Engineering from Stanford University, in 1998 and 2003 respectively. Her research interests include network coding, network security and Internet measurements. She received the NSF CAREER award in 2008.

Additional Information

Sponsor: Software Systems Lab

Open to: Public