2016
DOI: 10.1007/978-3-319-39814-3_13

Evaluating Reputation of Internet Entities

Abstract: Security monitoring tools, such as honeypots, IDS, behavioral analysis or anomaly detection systems, generate large amounts of security events or alerts. These alerts are often shared within some communities using various alert sharing systems. Our research is focused on analysis of the huge amount of data present in these systems. In this work we focus on summarizing all alerts and other information known about a network entity into a measure called reputation score expressing the level of threat the entity p…

Citations: cited by 3 publications (2 citation statements)
References: 8 publications

“…The score represents a meaningful and actionable information that is utilized by the action components, for example, to block traffic from most offending IP addresses or domains, or by a user directly, for example, to prioritize investigation of reported incidents or to bring attention to a prevailing issue. A first idea of such a reputation database, including summarizing the data into a single reputation score, has been briefly introduced in our earlier work [24]. In this work we propose and evaluate a particular method which can be used in the scoring component.…”
Section: Network Entity Reputation Database System (Nerds), mentioning
confidence: 99%
“…Another approach is to attempt to quantify the quality of the alert data (rather than the source of it). In such a scenario, the trust model attempts to measure the quality of the alerts themselves or assign a reputation score to certain parameters of an alert (e.g., to the IP address of an adversary) [4].…”
Section: Building Trust In Cidss, mentioning
confidence: 99%