IP Reputation Scoring with Geo-Contextual Feature Augmentation

Sainani, Henanksha; Namayanja, Josephine M.; Sharma, Guneeti; Misal, Vasundhara; Janeja, Vandana P.

doi:10.1145/3419373

Cited by 4 publications

(3 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This information is easy to extract and does not require a large volume of data. In this case, the models that are created are based on computations about the frequencies at which contextual information appears, or again, clustering techniques [16][17][18][19]. A global accuracy of 0.77 is reached to classify an IP address as malicious or not.…”

Section: Related Workmentioning

confidence: 99%

Towards Supercomputing Categorizing the Maliciousness upon Cybersecurity Blacklists with Concept Drift

Carriegos

DeCastro-García

García

2023

Computational and Mathematical Methods

View full text Add to dashboard Cite

In this article, we have carried out a case study to optimize the classification of the maliciousness of cybersecurity events by IP addresses using machine learning techniques. The optimization is studied focusing on time complexity. Firstly, we have used the extreme gradient boosting model, and secondly, we have parallelized the machine learning algorithm to study the effect of using a different number of cores for the problem. We have classified the cybersecurity events’ maliciousness in a biclass and a multiclass scenario. All the experiments have been carried out with a well-known optimal set of features: the geolocation information of the IP address. However, the geolocation features of an IP address can change over time. Also, the relation between the IP address and its label of maliciousness can be modified if we test the address several times. Then, the models’ performance could degrade because the information acquired from training on past samples may not generalize well to new samples. This situation is known as concept drift. For this reason, it is necessary to study if the optimization proposed works in a concept drift scenario. The results show that the concept drift does not degrade the models. Also, boosting algorithms achieving competitive or better performance compared to similar research works for the biclass scenario and an effective categorization for the multiclass case. The best efficient setting is reached using five nodes regarding high-performance computation resources.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Supercomputing Categorizing the Maliciousness upon Cybersecurity Blacklists with Concept Drift

Carriegos

DeCastro-García

García

2023

Computational and Mathematical Methods

View full text Add to dashboard Cite

show abstract

“…AI_Adaptive_POW consists of four main modules and each module is lightweight and customizable. Our baseline framework uses an AI module called DaBR [2], to produce reputation scores which can be replaced by even more sophisticated reputation score calculation techniques (for example, see [5]). The AI model is trained using a list of known malicious IPs provided by Cisco Talos [3] which can be replaced by any other third party IP list service or an amalgamation of more than one lists.…”

Section: Design Impactmentioning

confidence: 99%

AI_Adaptive_POW: An AI assisted Proof Of Work (POW) framework for DDoS defense

et al. 2022

View full text Add to dashboard Cite

“…To avoid these drawbacks, it is better to try to obtain more information about the sources before blocking its traffic. However, new blocklists using localization and political actualities [8] tend to have better results as they integrate context into the analysis.…”

Section: State Of the Artmentioning

confidence: 99%

How to build socio-organizational information from remote IP addresses to enrich security analysis?

Moriot

Lesueur

Stouls

et al. 2022

2022 IEEE 47th Conference on Local Computer Networks (LCN)

View full text Add to dashboard Cite

There is a constant threat of having our computing systems under attack. Information regarding the origins of the traffic we receive can be valuable. Currently, the AS-number and the localization are the most commonly used IP-related information to characterize an attack.In this paper, we propose expanding knowledge about a remote IP's owner to improve defensive reaction effectiveness and obtain in-depth analyzes of attacker profiles. We introduce the enrichment with socio-organizational information (such as organization type, activity field, etc.) about the entities owning the IP in addition to infrastructural information. This integration is driven by combining RDAP and Wikidata. We demonstrate that this proposal is promising.

show abstract

IP Reputation Scoring with Geo-Contextual Feature Augmentation

Cited by 4 publications

References 18 publications

Towards Supercomputing Categorizing the Maliciousness upon Cybersecurity Blacklists with Concept Drift

Towards Supercomputing Categorizing the Maliciousness upon Cybersecurity Blacklists with Concept Drift

AI_Adaptive_POW: An AI assisted Proof Of Work (POW) framework for DDoS defense

How to build socio-organizational information from remote IP addresses to enrich security analysis?

Contact Info

Product

Resources

About