Scientists use ecommerce techniques to block attacks

[nsane.forums]

Scientists from from the University of California, Irvine have published a paper about a technique borrowed from ecommerce that could stop virus attacks by prediction.

The technique, called highly predictive blacklisting, uses data from past attacks and maps out a pattern for the way viruses spread through systems. Once it recognises the activity of the threat is blacklist the site that delivered the malware.

"We propose a multi-level prediction model that is adjusted and tuned specifically for the attack forecasting problem. Our model captures and combines various factors, namely: attacker-victim history (using time-series) and attackers and/or victims interactions (using neighborhood models), said the paper's authors Fabio Soldo, Anh Le and Athina Markopoulou.

The team took as their inspiration Amazon's predictive model, where customers are recommended books that they may like based on past purchases. In practice they use a Google PageRank type algorithm to find the most common attakc vectors and block them.

They tested the system on a dataset of 1 month's worth of logs consisting of 100s of millions of security logs from 100s of networks.

The team say that the new technique improves on current state of the art blacklisting systems by 70 per cent and there is plenty of room for further improvement.

View: Original Article