Collaborative approaches to network defense are increasingly used to predict attacks as well as to speed up their detection. For instance, with highly predictive blacklisting, one aims to forecast attack sources based on alerts contributed by multiple organizations. While collaboration helps discover groups of correlated attacks targeting similar victims, it also raises important privacy concerns.
To address this challenge, we introduce a novel privacy-friendly system in which organizations are clustered together based on the similarity of their logs, without disclosing those logs in the clear. Entities in the same cluster share only the relevant logs and build more accurate blacklists. At the same time, we investigate how to measure the effect of collaboration on prediction and find that the state-of-the-art (non-privacy-preserving) system actually achieves lower accuracy than if organizations predicted based on local alerts only. Our experiments shed light on how to improve the quality of predictions by optimizing the information shared across organizations, showing that our privacy-friendly methods markedly outperform non-private tools in both precision and recall.
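The pipeline described above, as an added illustration that is not code from the paper: organizations are grouped by the Jaccard similarity of their alert-source sets, each organization's blacklist is the union of the training logs of its cluster, and the resulting predictions are scored against the next window's alerts. Three sharing policies are compared: local only, cluster-based, and share-with-everyone. All alert data is constructed, the 0.25 similarity threshold and the "share the whole cluster's logs" rule are assumptions, and the similarity is computed on the raw sets here; in a deployment that must not reveal logs, that one step would be replaced by a private set-intersection-cardinality protocol.

```python
from fractions import Fraction
from itertools import combinations

# Constructed sample data: for each organization, the set of source IPs that
# raised alerts in a training window (day 1) and in the following window
# (day 2). Two attacker groups exist: 10.0.0.0/24 hits A and B, 192.0.2.0/24
# hits C and D; the remaining addresses are one-off noise.
TRAIN = {
    "A": {"10.0.0.1", "10.0.0.2", "10.0.0.3", "203.0.113.9"},
    "B": {"10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5"},
    "C": {"192.0.2.1", "192.0.2.2", "192.0.2.3", "198.51.100.7"},
    "D": {"192.0.2.2", "192.0.2.3", "192.0.2.4"},
}
TEST = {
    "A": {"10.0.0.1", "10.0.0.4", "10.0.0.5", "203.0.113.10"},
    "B": {"10.0.0.1", "10.0.0.3", "10.0.0.5"},
    "C": {"192.0.2.2", "192.0.2.4", "198.51.100.8"},
    "D": {"192.0.2.1", "192.0.2.3", "192.0.2.4"},
}


def jaccard(a, b):
    """Jaccard similarity |a & b| / |a | b| of two alert-source sets."""
    if not a and not b:
        return Fraction(0)
    return Fraction(len(a & b), len(a | b))


def cluster_orgs(logs, threshold):
    """Group organizations whose pairwise log similarity reaches `threshold`.

    Clusters are the connected components of the 'similar enough' graph.
    Assumption: computing jaccard() on the raw sets is the only step that
    exposes logs; a private set-intersection-cardinality protocol would
    supply the same pairwise scores without disclosing the sets.
    """
    orgs = list(logs)
    neighbours = {o: set() for o in orgs}
    for x, y in combinations(orgs, 2):
        if jaccard(logs[x], logs[y]) >= threshold:
            neighbours[x].add(y)
            neighbours[y].add(x)
    clusters, seen = [], set()
    for o in orgs:
        if o in seen:
            continue
        component, stack = set(), [o]
        while stack:
            cur = stack.pop()
            if cur in component:
                continue
            component.add(cur)
            stack.extend(neighbours[cur] - component)
        seen |= component
        clusters.append(frozenset(component))
    return clusters


def blacklists(logs, clusters):
    """Per-organization blacklist: the union of the training logs of every
    organization in the same cluster (a singleton cluster means local only)."""
    out = {}
    for c in clusters:
        shared = set().union(*(logs[o] for o in c))
        for o in c:
            out[o] = shared
    return out


def precision_recall(predicted, actual):
    """Fraction of blacklisted sources that attacked, and of attackers that were blacklisted."""
    tp = len(predicted & actual)
    p = Fraction(tp, len(predicted)) if predicted else Fraction(0)
    r = Fraction(tp, len(actual)) if actual else Fraction(0)
    return p, r


def evaluate(bls, test):
    return {o: precision_recall(bls[o], test[o]) for o in test}


def compare(train, test, threshold=Fraction(1, 4)):
    """Score three sharing policies: local only, cluster-based, share with everyone."""
    local = [frozenset([o]) for o in train]
    clustered = cluster_orgs(train, threshold)
    everyone = [frozenset(train)]
    return {
        "local": evaluate(blacklists(train, local), test),
        "cluster": evaluate(blacklists(train, clustered), test),
        "global": evaluate(blacklists(train, everyone), test),
    }


def mean_pr(results):
    """Average (precision, recall) over organizations."""
    n = len(results)
    return (sum(p for p, _ in results.values()) / n,
            sum(r for _, r in results.values()) / n)


if __name__ == "__main__":
    for policy, res in compare(TRAIN, TEST).items():
        p, r = mean_pr(res)
        print(f"{policy:8s} precision={float(p):.2f} recall={float(r):.2f}")
```

On this constructed data the cluster policy beats local prediction on both precision and recall, while sharing with everyone keeps the cluster policy's recall but drops precision below the local baseline, because each organization also inherits the other group's attackers as false positives. That is the effect the abstract reports for indiscriminate sharing, reproduced here only in miniature.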
Source: cs.AI updates on arXiv.org, http://ift.tt/1NtM7Aq