
Predictive Blacklisting as an Implicit Recommendation System

Authors: Fabio Soldo, Anh Le, Athina Markopoulou. IEEE INFOCOM 2010. Reporter: Jing Chiu. Advisor: Yuh-Jye Lee. Email: D9815013@mail.ntust.edu.tw.


Presentation Transcript


  1. Predictive Blacklisting as an Implicit Recommendation System • Authors: Fabio Soldo, Anh Le, Athina Markopoulou • IEEE INFOCOM 2010 • Reporter: Jing Chiu • Advisor: Yuh-Jye Lee • Email: D9815013@mail.ntust.edu.tw • Data Mining & Machine Learning Lab

  2. Outlines • Introduction • Blacklists • Recommendation System • Related Works • LWOL • GWOL • HPB • Room for improvement • DSHIELD Dataset Observation • Model Overview • Time Series • EWMA • Neighborhood Model • kNN • CA • Evaluation • Conclusions

  3. Introduction • Blacklists • Recommendation System

  4. Related Works • Local Worst Offender List (LWOL) • Global Worst Offender List (GWOL) • Highly Predictive Blacklisting (HPB) • J. Zhang, P. Porras, and J. Ullrich, “Highly predictive blacklisting,” in Proc. of USENIX Security ’08 (Best Paper award), San Jose, CA, USA, Jul. 2008, pp. 107–122.

  5. Room for improvement

  6. DSHIELD Dataset Observation

  7. DSHIELD Dataset Observation (cont.)

  8. DSHIELD Dataset Observation (cont.)

  9. Model Overview • Time Series for Attack Prediction • Exponential Weighted Moving Average (EWMA) • Neighborhood Model • Victim Neighborhood (kNN) • k-nearest neighbor • Pearson correlation as similarity metric • Joint Attacker-Victim Neighborhood (CA) • cross-associations • Fully automatic clustering algorithm that finds row and column groups of sparse binary matrices

  10. Evaluations • Local approaches • Global (neighborhood) approaches • Proposed combined method • Robustness

  11. Evaluations (cont.)

  12. Evaluations (cont.)

  13. Evaluations (cont.)

  14. Evaluations (cont.)

  15. Conclusions • Frame the problem as an implicit recommendation system • Analyze a real dataset of 1-month logs from Dshield.org • Shows that even larger improvement can be obtained • Give a methodological development with improvement over state-of-the-art.

  16. Thanks for your attention • Questions?
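
The two model components named on slide 9 (an EWMA time series per attacker and a victim neighborhood built with k-nearest neighbor under Pearson correlation) can be combined as in the sketch below. It is an added example, not code from the slides or the paper. Assumptions: the log values are constructed, the names `LOG`, `ewma`, `pearson` and `predict_blacklist` are hypothetical, and the rule that adds similarity-weighted neighbor scores to the local score is an illustrative choice rather than the authors' exact formula.

```python
import math

# Constructed sample, not DShield data: LOG[victim][attacker] = daily 0/1
# series (1 = that victim logged the attacker on that day, oldest first).
LOG = {
    "v1": {"a1": [1, 1, 0, 1, 1], "a2": [1, 0, 1, 1, 1]},
    "v2": {"a1": [1, 1, 1, 0, 1], "a2": [0, 1, 1, 1, 1], "a3": [0, 0, 0, 0, 1]},
    "v3": {"a4": [1, 0, 1, 0, 1], "a5": [0, 1, 0, 1, 0]},
}

def ewma(series, alpha=0.5):
    """Time-series part: EWMA forecast, so recent activity counts most."""
    score = 0.0
    for seen in series:
        score = alpha * seen + (1 - alpha) * score
    return score

def pearson(x, y):
    """Pearson correlation; 0.0 when either vector is constant (undefined)."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    return cov / (sx * sy) if sx and sy else 0.0

def predict_blacklist(log, victim, k=1, alpha=0.5, size=3):
    """Rank attackers for `victim`: own EWMA score plus the similarity-weighted
    EWMA scores of its k most similar victims (assumed combination rule)."""
    attackers = sorted({a for seen in log.values() for a in seen})
    local = {v: [ewma(seen[a], alpha) if a in seen else 0.0 for a in attackers]
             for v, seen in log.items()}
    sims = sorted(((pearson(local[victim], local[u]), u)
                   for u in local if u != victim), reverse=True)
    # Only positively correlated victims act as neighbours.
    neighbours = [(s, u) for s, u in sims[:k] if s > 0]
    total = {a: local[victim][i] + sum(s * local[u][i] for s, u in neighbours)
             for i, a in enumerate(attackers)}
    ranked = sorted((a for a in attackers if total[a] > 0),
                    key=lambda a: (-total[a], a))
    return ranked[:size]

if __name__ == "__main__":
    print("local only :", predict_blacklist(LOG, "v1", k=0))
    print("with kNN   :", predict_blacklist(LOG, "v1", k=1))
```

With `k=0` the list contains only sources the victim has already logged; with a neighbor it also ranks a source the victim has not yet seen, which is the predictive part of the blacklist.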
