Yonghong Huang, Joanna Negrete, Adam Wosotowsky, John Wagener, Eric Peterson, Armando Rodriguez, Celeste Fralick
2019 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 664-672. Published 2019-12-01. DOI: 10.1109/SSCI44817.2019.9003003 (https://doi.org/10.1109/SSCI44817.2019.9003003)
Detect Malicious IP Addresses using Cross-Protocol Analysis
From the fundamentals of the domain name system (DNS), to the websites we browse, the files we download, and emails we receive, every aspect of our online lives involves connections to internet resources. As a result, the Internet protocol (IP) address is a pivotal component for risk assessment of online exchanges. Our goal in this study is to develop large-scale classification of malicious IPs that leverages cross-protocol telemetry to produce accurate and context-aware risk assessment. We developed an IP reputation system for generic IP addresses based on real-world data. We added interpretability to our machine learning solution to infer a malicious IP address. Our results show that the cross-protocol analysis achieves exceptional testing performance and is effective in real-world application to detect malicious IP addresses.