Evaluating Bad Hosts Using Adaptive Blacklist Filter

Title: Evaluating Bad Hosts Using Adaptive Blacklist Filter
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Hynek, K., Čejka, T., Žádník, M., Kubátová, H.
Conference Name: 2020 9th Mediterranean Conference on Embedded Computing (MECO)
Date Published: June 2020
Publisher: IEEE
ISBN Number: 978-1-7281-6949-1
Keywords: adaptive blacklist filter, adaptive filtering, adaptive filters, automated evaluation techniques, bad hosts, blacklists, computer network security, digital signatures, evaluator module, evidence capture, false positives, flow-based monitoring, incident evaluation, Internet, Metrics, national backbone network, network flow data, pubcrawl, publicly available blacklists, resilience, Resiliency, Scalability, telecommunication traffic, unreliable alerts
Abstract

Publicly available blacklists are popular tools to capture and spread information about misbehaving entities on the Internet. In some cases, their straight-forward utilization leads to many false positives. In this work, we propose a system that combines blacklists with network flow data while introducing automated evaluation techniques to avoid reporting unreliable alerts. The core of the system is formed by an Adaptive Filter together with an Evaluator module. The assessment of the system was performed on data obtained from a national backbone network. The results show the contribution of such a system to the reduction of unreliable alerts.

URL: https://ieeexplore.ieee.org/document/9134244
DOI: 10.1109/MECO49872.2020.9134244
Citation Key: hynek_evaluating_2020