Detect Malicious IP Addresses using Cross-Protocol Analysis

Yonghong Huang, Joanna Negrete, Adam Wosotowsky, John Wagener, Eric Peterson, Armando Rodriguez, Celeste Fralick
Published in: 2019 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 664-672
Publication date: 2019-12-01
DOI: 10.1109/SSCI44817.2019.9003003 (https://doi.org/10.1109/SSCI44817.2019.9003003)
Citations: 2

Abstract

From the fundamentals of the domain name system (DNS) system, to the websites we browse, the files we download, and emails we receive, every aspect of our online lives involves connections to internet resources. As a result, the Internet protocol (IP) Address is a pivotal component for risk assessment of online exchanges. Our goal in this study is to develop large-scale classification of malicious IPs that leverages cross-protocol telemetry to produce accurate and context-aware risk assessment. We developed an IP reputation system for generic IP addresses based on real-world data. We added interpretability to our machine learning solution to infer a malicious IP address. Our results show that the cross-protocol analysis achieves exceptional testing performance and is effective in real-world application to detect malicious IP addresses.