Evaluating Reputation of Internet Entities
Security monitoring tools, such as honeypots, IDS, behavioral analysis or anomaly detection systems, generate large amounts of security events or alerts. These alerts are often shared within communities using various alert sharing systems. Our research focuses on analysis of the huge amount of data present in these systems. In this work we focus on summarizing all alerts and other information known about a network entity into a measure called a reputation score, which expresses the level of threat the entity poses. Computation of the reputation score is based on estimating the probability of future attacks caused by the entity.
Keywords: Anomaly Detection, Malicious Activity, Reputation Score, Network Entity, Security Event
This research was supported by Security Research grant no. VI20162019029 in the project Sharing and analysis of security events in Czech Republic, granted by the Ministry of the Interior of the Czech Republic. It was also partially supported by the IT4Innovations excellence in science project (IT4I XS – LQ1602) and by Brno University of Technology grant no. FIT-S-14-2297.