navigating internet neighborhoods reputation its impact
play

Navigating Internet Neighborhoods: Reputation, Its Impact on - PowerPoint PPT Presentation

Jul 06, 2023 •275 likes •811 views

Navigating Internet Neighborhoods: Reputation, Its Impact on Security, and How to Crowd-source It Mingyan Liu Department of Electrical Engineering and Computer Science University of Michigan, Ann Arbor, MI November 6, 2013 Intro Motivation

  1. Navigating Internet Neighborhoods: Reputation, Its Impact on Security, and How to Crowd-source It Mingyan Liu Department of Electrical Engineering and Computer Science University of Michigan, Ann Arbor, MI November 6, 2013

  2. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion Acknowledgment Collaborators: • Parinaz Naghizadeh Ardabili • Yang Liu, Jing Zhang, Michael Bailey, Manish Karir Funding from: • Department of Homeland Security (DHS) Liu (Michigan) Network Reputation November 6, 2013 2 / 52

  3. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion Threats to Internet security and availability From unintentional to intentional, random maliciousness to economic driven: • misconfiguration • mismanagement • botnets, worms, SPAM, DoS attacks, . . . Typical operators’ countermeasures: filtering/blocking • within specific network services (e.g., e-mail) • with the domain name system (DNS) • based on source and destination (e.g., firewalls) • within the control plane (e.g., through routing policies) Liu (Michigan) Network Reputation November 6, 2013 3 / 52

  4. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion Host Reputation Block Lists (RBLs) Commonly used RBLs: • daily average volume (unique entries) ranging from 146M (BRBL) to 2K (PhishTank) RBL Type RBL Name Spam BRBL, CBL, SpamCop, WPBL, UCEPROTECT Phishing/Malware SURBL, PhishTank, hpHosts Active attack Darknet scanners list, Dshield Liu (Michigan) Network Reputation November 6, 2013 4 / 52

  5. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion Potential impact of RBLs 1.4e+12 100 6e+07 100 Total NetFlow Number of total Netflow % of the traffic are blocked by size Tainted Traffic Number of tainted traffic Netflow 1.2e+12 Traffic volume per hour (Bytes) % of traffic are tainted by volume 5e+07 % of NetFlow are tainted % of the Netflow are blocked Number of NetFlow per hour 80 80 1e+12 4e+07 60 60 8e+11 3e+07 6e+11 40 40 2e+07 4e+11 20 20 1e+07 2e+11 0 0 0 0 20 40 60 80 100 120 140 160 20 40 60 80 100 120 140 160 Time (hour) Time (hour) (a) By traffic volume (bytes). (b) By number of flows. NetFlow records of all traffic flows at Merit Network • at all peering edges of the network from 6/20/2012-6/26/2012 • sampling ratio 1:1 • 118.4TB traffic: 5.7B flows, 175B packets. As much as 17% (30%) of overall traffic (flows) “tainted” Liu (Michigan) Network Reputation November 6, 2013 5 / 52

  6. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion How reputation lists should be/are used Strengthen defense: • filter configuration, blocking mechanisms, etc. Strengthen security posture: • get hosts off the list • install security patches, update software, etc. Retaliation for being listed: • lost revenue for spammers • example: recent DDoS attacks against Spamhaus by Cyberbunker Aggressive outbound filtering: • fixing the symptom rather than the cause • example: the country of Mexico Liu (Michigan) Network Reputation November 6, 2013 6 / 52

  7. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion Limitations of host reputation lists Host identities can be highly transient: • dynamic IP address assignment • policies inevitably reactive, leading to significant false positives and misses • potential scalability issues RBLs are application specific: • a host listed for spamming can initiate a different attack Lack of standard and transparency in how they are generated • not publicly available: subscription based, query enabled Liu (Michigan) Network Reputation November 6, 2013 7 / 52

  8. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion An alternative: network reputation Define the notion of “reputation” for a network (suitably defined) rather than for hosts A network is typically governed by consistent policies • changes in system administration on a much larger time scale • changes in resource and expertise on a larger time scale Policies based on network reputation is proactive • reputation reflects the security posture of the entire network, across all applications, slow changing over time Enables risk-analytical approaches to security; tradeoff between benefits in and risks from communication • acts as a proxy for metrics/parameters otherwise unobservable Liu (Michigan) Network Reputation November 6, 2013 8 / 52

  9. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion An illustration 100 Fraction of IPs that are blacklisted (%) 80 60 BAD ? GOOD 40 20 0 1 10 100 1000 10000 ASes Figure: Spatial aggregation of reputation • Taking the union of 9 RBLs • % Addrs blacklisted within an autonomous system (est. total of 35-40K) Liu (Michigan) Network Reputation November 6, 2013 9 / 52

  10. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion Many challenges to address • What is the appropriate level of aggregation • How to obtain such aggregated reputation measure, over time, space, and applications • How to use these to design reputation-aware policies • What effect does it have on the network’s behavior toward others and itself • How to make the reputation measure accurate representation of the quality of a network Liu (Michigan) Network Reputation November 6, 2013 10 / 52

  11. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion Outline of the talk Impact of reputation on network behavior • Can the desire for good reputation (or the worry over bad reputation) positively alter a network’s decision in investment • Within the context of an inter-dependent security (IDS) game: positive externality Incentivizing input – crowd-sourcing reputation • Assume a certain level of aggregation • Each network possesses information about itself and others • Can we incentivize networks to participate in a collective effort to achieve accurate estimates/reputation assessment, while observing privacy and self interest Liu (Michigan) Network Reputation November 6, 2013 11 / 52

  12. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion Interdependent Security Risks • Security investments of a network have positive externalities on other networks. • Networks’ preferences are in general heterogeneous: • Heterogeneous costs. • Different valuations of security risks. • Heterogeneity leads to under-investment and free-riding. Liu (Michigan) Network Reputation November 6, 2013 12 / 52

  13. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion Network Security Investment Game Originally proposed by [Jiang, Anantharam & Walrand, 2011] • A set of N networks. • N i ’s action: invest x i ≥ 0 in security, with increasing effectiveness. • Cost c i > 0 per unit of investment (heterogeneous). • f i ( x ) security risk/cost of N i where: • x vector of investments of all users. • f i ( · ) decreasing in each x i and convex. • N i chooses x i to minimize the cost function h i ( x ) := f i ( x ) + c i x i . • Analyzed the suboptimality of this game. Liu (Michigan) Network Reputation November 6, 2013 13 / 52

  14. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion Example: a total effort model A 2-player total effort model: f 1 ( x ) = f 2 ( x ) = f ( x 1 + x 2 ), with c 1 = c 2 = 1. h 1 ( x ) = f 1 ( x 1 + x 2 ) + x 1 , h 2 ( x ) = f 2 ( x 1 + x 2 ) + x 2 : • Let x o be the Nash Equilibrium, and x ∗ be the Social Optimum. • At NE: ∂ h i /∂ x i = f ′ ( x o 1 + x o 2 ) + 1 = 0. • At SO: ∂ ( h 1 + h 2 ) /∂ x i = 2 f ′ ( x ∗ 1 + x ∗ 2 ) + 1 = 0. • By convexity of f ( · ), x o 1 + x o 2 ≤ x ∗ 1 + x ∗ 2 ⇒ under-investment. Liu (Michigan) Network Reputation November 6, 2013 14 / 52

  15. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion An illustration 2.5 −2 f’(y) 2 2(1−R’) 1.5 − f’(y) 1 0.5 0 y NR y R y * y: = x 1 +x 2 Figure: Suboptimality gap Liu (Michigan) Network Reputation November 6, 2013 15 / 52

  16. Intro Motivation Security investment Crowd sourcing Environments Discussion Conclusion The same game with reputation The same model, with the addition: • N i will be assigned a reputation based on its investment. • Valuation of reputation given by R i ( x ): increasing and concave. • N i chooses x i to minimize the cost function h i ( x ) := f i ( x ) + c i x i − R i ( x ) . Liu (Michigan) Network Reputation November 6, 2013 16 / 52

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Navigating Through the Financial Impact of COVID-19 OMWA Webinar May 8, 2020 1 Navigating

Navigating Through the Financial Impact of COVID-19 OMWA Webinar May 8, 2020 1 Navigating

Navigating Through the Financial Impact of COVID-19 OMWA Webinar May 8, 2020 1 Navigating Through the Financial Impact of COVID-19 Gary Scandlan Managing Partner and Director scandlan@watsonecon.ca Introduction COVID-19 and its

376 views • 22 slides
Very Large Scale Neighborhoods Weighted Matching Neighborhoods Cyclic Exchange Neighborhoods

Very Large Scale Neighborhoods Weighted Matching Neighborhoods Cyclic Exchange Neighborhoods

Outline DM811 HEURISTICS AND LOCAL SEARCH ALGORITHMS FOR COMBINATORIAL OPTIMZATION 1. Very Large Scale Neighborhoods Variable Depth Search Ejection Chains Lecture 11 Dynasearch Very Large Scale Neighborhoods Weighted Matching Neighborhoods

202 views • 9 slides
NEIGHBORHOODS Strategies to stabilize CLEVELAND MIDDLE NEIGHBORHOODS Middle Neighborhoods Field

NEIGHBORHOODS Strategies to stabilize CLEVELAND MIDDLE NEIGHBORHOODS Middle Neighborhoods Field

CLEVELAND MIDDLE NEIGHBORHOODS Strategies to stabilize CLEVELAND MIDDLE NEIGHBORHOODS Middle Neighborhoods Field Jason Powers, Project Director Cleveland Middle Neighborhoods Initiative Alan Mallach, Senior Fellow Center for Community

539 views • 53 slides
Transparency as Incentive for Internet Security: Organizational Layers for Reputation John S.

Transparency as Incentive for Internet Security: Organizational Layers for Reputation John S.

Transparency as Incentive for Internet Security: Organizational Layers for Reputation John S. Quarterman, Quarterman Creations Andrew B. Whinston, U. Texas at Austin Serpil Sayin, Ko University E. Vijaya Kumar, J. Reinikainen, J. Ahlroth

374 views • 33 slides
The Impact of Short-Time Rentals in the Demography of Touristic Neighborhoods: the case of

The Impact of Short-Time Rentals in the Demography of Touristic Neighborhoods: the case of

The Impact of Short-Time Rentals in the Demography of Touristic Neighborhoods: the case of Barcelona Joan SALES-FAV (jsales@ced.uab.es) Antonio LPEZ-GAY (tlopez@ced.uab.es) Juan Antonio MDENES (juanantonio.modenes@uab.cat) Centre dEstudis

189 views • 18 slides
Reputation how can you have an impact? Stefaan Fiers, PhD Communications & Public Policy

Reputation how can you have an impact? Stefaan Fiers, PhD Communications & Public Policy

(C)St. Fiers - BeAPP presentation 2/3/2018 Reputation how can you have an impact? Stefaan Fiers, PhD Communications & Public Policy Director, pharma.be ste_fiers pharmabe While we are all patient centric 1 (C)St. Fiers - BeAPP

390 views • 11 slides
Psychoeducation: As an Aid in Navigating the Impact of COVID 19- Session 1: Naming the

Psychoeducation: As an Aid in Navigating the Impact of COVID 19- Session 1: Naming the

Psychoeducation: As an Aid in Navigating the Impact of COVID 19- Session 1: Naming the experiences & beginning to cope Ellen Lukens, Ph.D., LCSW-R Firestone Professor of Professional Practice, Columbia School of Social Work (CSSW)

497 views • 48 slides
values impact neighborhoods across Philadelphia? Presentation to City Council April 2012 What

values impact neighborhoods across Philadelphia? Presentation to City Council April 2012 What

How might changes in property values impact neighborhoods across Philadelphia? Presentation to City Council April 2012 What is the purpose of this presentation? In order to get a sense of the changes that could occur with the

168 views • 15 slides
Tax Issues in Consumer Bankruptcies Navigating Discharge of Tax Liability, Impact of Tax

Tax Issues in Consumer Bankruptcies Navigating Discharge of Tax Liability, Impact of Tax

Presenting a live 90 minute webinar with interactive Q&A Tax Issues in Consumer Bankruptcies Navigating Discharge of Tax Liability, Impact of Tax Obligations on Means Testing, and Debt Related Tax Consequences TUES DAY, JANUARY 15,

1.14k views • 112 slides
Special Report: Todays Discussion: Purpose of this special report Navigating the Impact

Special Report: Todays Discussion: Purpose of this special report Navigating the Impact

Special Report: Todays Discussion: Purpose of this special report Navigating the Impact on Berkeleys economy Impacts of the Impact on Berkeleys revenues COVID-19 Impact on Berkeleys expenditures Pandemic on

300 views • 12 slides
Reputation Systems Reputation systems: quantify the trust between different users. Application:

Reputation Systems Reputation systems: quantify the trust between different users. Application:

Formal Verification of e-Reputation Protocols 1 Ali Kassem 2 , Pascal Lafourcade 1 , Yassine Lakhnech 2 1 University dAuvergne, LIMOS 2 Universit Grenoble Alpes, CNRS, VERIMAG The 7th International Symposium on Foundations & Practice of

583 views • 33 slides
Navigating Jurisdictional Determinations Under the Clean Water Act: Impact of U.S. Army Corps of

Navigating Jurisdictional Determinations Under the Clean Water Act: Impact of U.S. Army Corps of

Presenting a live 90-minute webinar with interactive Q&A Navigating Jurisdictional Determinations Under the Clean Water Act: Impact of U.S. Army Corps of Engineers v. Hawkes THURSDAY, SEPTEMBER 29, 2016 1pm Eastern | 12pm Central |

545 views • 38 slides
Online Reputation Security It takes 20 years to build a reputation and five minutes to ruin

Online Reputation Security It takes 20 years to build a reputation and five minutes to ruin

Online Reputation Security It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, youll do things differently Warren Buffett NASDAQ ABC Stock after Roseanne Barrs Tweet and Show

698 views • 51 slides
Aucklands DNA Rollout Process Place DNA Reputation Themes Final Reputation Framework

Aucklands DNA Rollout Process Place DNA Reputation Themes Final Reputation Framework

Aucklands DNA Rollout Process Place DNA Reputation Themes Final Reputation Framework Framework 3 Reputation Storybook Themes 1 Destination reputation 2 The power of stories 3 The importance of themes 4 Aucklands Place DNA

663 views • 64 slides
Reputation Management Destroy or Salvage Reputation? Through their actions following a crisis,

Reputation Management Destroy or Salvage Reputation? Through their actions following a crisis,

Reputation Management Destroy or Salvage Reputation? Through their actions following a crisis, brands decide if they destroy or salvage their reputations. And of course, their partners matter too specifically their PR firms. DO YOU DESERVE

475 views • 28 slides
Measuring Internet filters and their unexpected impact Leonid Evdokimov nullcon, Goa, March

Measuring Internet filters and their unexpected impact Leonid Evdokimov nullcon, Goa, March

Measuring Internet filters and their unexpected impact Leonid Evdokimov nullcon, Goa, March 2018 WHAT IS I N T E R N E T C E N S O R S H I P? Internet Censorship |ntnt snsrp| 1. a distortion of the reality of the Internet

327 views • 31 slides
Information Retrieval Lecture 6 Recap of the last lecture Parametric and field searches

Information Retrieval Lecture 6 Recap of the last lecture Parametric and field searches

Information Retrieval Lecture 6 Recap of the last lecture Parametric and field searches Zones in documents Scoring documents: zone weighting Index support for scoring tf idf and vector spaces This lecture Vector space

887 views • 49 slides
Country Governance and IP Reputation Bradley Hu ff aker Topology Meeting Naval Postgraduate

Country Governance and IP Reputation Bradley Hu ff aker Topology Meeting Naval Postgraduate

Country Governance and IP Reputation Bradley Hu ff aker Topology Meeting Naval Postgraduate School, June 2013 Tuesday, June 18, 13 Outline Hypothesis Data Analysis Future Work URLs Tuesday, June 18, 13 Outline

595 views • 13 slides
CS490W Web Search (II) Luo Si Department of Computer Science Purdue University Modified Slides

CS490W Web Search (II) Luo Si Department of Computer Science Purdue University Modified Slides

CS490W Web Search (II) Luo Si Department of Computer Science Purdue University Modified Slides from Manning, C., Raghavan, P. and Schtze, H. Todays topics Estimating web size and search engine index size Near-duplicate document

449 views • 31 slides
Module 13: Optimizing Query Performance Overview Introduction to the Query Optimizer

Module 13: Optimizing Query Performance Overview Introduction to the Query Optimizer

Module 13: Optimizing Query Performance Overview Introduction to the Query Optimizer Obtaining Execution Plan Information Using an Index to Cover a Query Indexing Strategies Overriding the Query Optimizer Introduction to

450 views • 34 slides
Trends in Malware Enabled Identity Theft Matthew McGlashan - matthew@auscert.org.au Computer

Trends in Malware Enabled Identity Theft Matthew McGlashan - matthew@auscert.org.au Computer

Trends in Malware Enabled Identity Theft Matthew McGlashan - matthew@auscert.org.au Computer Security Analyst, AusCERT Outline About AusCERT What AusCERT is doing to combat ID theft The Threat: Trojan Horse software

535 views • 27 slides
Web Mining Web Mining Web mining is the use of data mining techniques to automatically

Web Mining Web Mining Web mining is the use of data mining techniques to automatically

What is Web Mining? What is Web Mining? Web Mining Web Mining Web mining is the use of data mining techniques to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) Web mining aims to

566 views • 22 slides
RUSSIAN BLACK MARKET sh-3.2# whoami Alan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+,

RUSSIAN BLACK MARKET sh-3.2# whoami Alan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+,

INSIGHT INTO RUSSIAN BLACK MARKET sh-3.2# whoami Alan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+, Sec+ MS MIS @FIU CTO and founder of Demyo, Inc. Demyo, Inc. AND I ENJOY GREEN LETTERS ON BLACK BACKGROUND Demyo, Inc. WHAT

646 views • 32 slides
Authentication and Encryption Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 The In

Authentication and Encryption Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 The In

In Internet Security: Authentication and Encryption Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 The In Internet: A Utopian Vision The In Internet: Reality Main Questions First who are the bad actors or r adversarie ies?

515 views • 24 slides

More recommend