remedi3s tld reputation metrics design to improve
play

REMEDI3S-TLD: Reputation Metrics Design to Improve Intermediary - PowerPoint PPT Presentation

Apr 06, 2023 •358 likes •605 views

REMEDI3S-TLD: Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs A project in collaboration with SIDN and NCSC Maciej Korczy ski Delft University of Technology Contact: maciej.korczynski@tudelft.nl ICANN 54

  1. REMEDI3S-TLD: Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs A project in collaboration with SIDN and NCSC Maciej Korczy ń ski Delft University of Technology Contact: maciej.korczynski@tudelft.nl ICANN 54 Techday 19 October 2015, Dublin

  2. REMEDI3S-TLD

  3. REMEDI3S-TLD

  4. REMEDI3S-TLD

  5. REMEDI3S-TLD

  6. Agenda • Types of security metrics • Security metrics for TLDs • Security metrics for hosting providers • Discussion

  7. Types of security metrics • Different layers of security metrics: • Top Level Domains (TLDs) • Market players related to the TLD (infrastructure providers): registrars, hosting providers, DNS service providers • Network resources managed by each of the players, such as resolvers, name servers

  8. Security metrics for TLDs

  9. Security metrics for TLDs • Type of reputation metrics • Concentration of malicious content: a) Number of unique domains b) Number of FQDN c) Number of URLs

  10. Security metrics for TLDs • Type of reputation metrics • Concentration of malicious content: a) Number of unique domains b) Number of FQDN c) Number of URLs • Size matters!

  11. Security metrics for TLDs • Type of reputation metrics (example)

  12. Security metrics for TLDs • Type of reputation metrics Up-times of maliciously registered/compromised domains •

  13. Security metrics for hosting providers

  14. Security metrics for hosting providers 1. Count badness per AS across different data sources 2. Normalize for the size of the AS (in 3 ways) Abuse ¡Maps ¡ Abuse ¡Feeds ¡ Normalized ¡ Abuse ¡Mapping ¡ Abuse ¡ Shadow ¡Server ¡Compromise ¡ • PhishTank ¡ Shadow ¡Server ¡Sandbox ¡URL ¡ • AS#1 ¡ ß ¡ à ¡ ¡100 ¡ ¡ # ¡Unique ¡Abuse ¡/ ¡AS ¡ Zeustracker ¡C&Cs ¡ AS#2 ¡ ß ¡ à ¡ ¡200 ¡ • PhishTank ¡/ ¡Advrt. ¡IPs ¡ MLAT ¡requests ¡ • AS#1 ¡ ß ¡ à ¡ ¡0.39 ¡ APWG ¡ • MLAT ¡ AS#2 ¡ ß ¡ à ¡ ¡0.19 ¡ StopBadware ¡ • AS#1 ¡ ß ¡ à ¡ ¡50 ¡ Normaliza3on ¡ … ¡ • AS#2 ¡ ß ¡ à ¡ ¡73 ¡ PhishTank ¡/ ¡Domains ¡ ¡ Hosted ¡ • AS#1 ¡ ß ¡ à ¡ ¡4.34 ¡ # ¡Abuse ¡/ ¡Size ¡ AS#2 ¡ ß ¡ à ¡ ¡0.16 ¡ p-­‑DNS ¡/ ¡IP ¡ Size ¡Maps ¡ MLAT ¡/ ¡Advrt. ¡IPs ¡ Size ¡Mapping ¡ AS#1 ¡ ß ¡ à ¡ ¡0.19 ¡ Rou3ng ¡ AdverLsed ¡IPs ¡ AS#2 ¡ ß ¡ à ¡ ¡0.07 ¡ AS#1 ¡ ß ¡ à ¡ ¡256 ¡ # ¡Advertised ¡IPs ¡ AS#2 ¡ ß ¡ à ¡ ¡1024 ¡ # ¡IPs ¡in ¡p-­‑DNS ¡ MLAT ¡/ ¡Domains ¡Hosted ¡ # ¡Domains ¡Hosted ¡ AS#1 ¡ ß ¡ à ¡ ¡2.17 ¡ Farsight ¡Security ¡p-­‑DNS ¡Data ¡ • ¡Domains ¡Hosted ¡ AS#2 ¡ ß ¡ à ¡ ¡0.05 ¡ Internet ¡IP ¡RouLng ¡Data ¡ • AS#1 ¡ ß ¡ à ¡ ¡23 ¡ ¡ AS#2 ¡ ß ¡ à ¡ ¡1232 ¡

  15. Security metrics for hosting providers 3. Rank ASes on amount of badness 4. Aggregate rankings 5. Identify ASes with consistently high concentrations of badness Abuse ¡Ranking ¡ Normalized ¡ Abuse ¡ PhishTank ¡Ranking ¡1 ¡ PhishTank ¡/ ¡Advrt. ¡IPs ¡ AS#1 ¡ ß ¡ à ¡ ¡834 ¡ AS#1 ¡ ß ¡ à ¡ ¡0.39 ¡ Overall ¡Ranking ¡ AS#2 ¡ ß ¡ à ¡ ¡833 ¡ AS#2 ¡ ß ¡ à ¡ ¡0.19 ¡ Rank ¡ Combine ¡ PhishTank ¡/ ¡Domains ¡ PhishTank ¡Ranking ¡2 ¡ Borda ¡Count ¡Ranking ¡ Ranks ¡ Hosted ¡ AS#1 ¡ ß ¡ à ¡ ¡834 ¡ AS#1 ¡ ß ¡ à ¡ ¡2354 ¡ Sort ¡Rank ¡ ¡ AS#1 ¡ ß ¡ à ¡ ¡4.34 ¡ AS#2 ¡ ß ¡ à ¡ ¡833 ¡ AS#2 ¡ ß ¡ à ¡ ¡1834 ¡ Borda ¡Count ¡ High ¡ à ¡Low ¡ AS#2 ¡ ß ¡ à ¡ ¡0.16 ¡ AS#3 ¡ ß ¡ à ¡ ¡1542 ¡ AS#4 ¡ ß ¡ à ¡ ¡1322 ¡ MLAT ¡Ranking ¡1 ¡ MLAT ¡/ ¡Advrt. ¡IPs ¡ AS#1 ¡ ß ¡ à ¡ ¡235 ¡ AS#1 ¡ ß ¡ à ¡ ¡0.19 ¡ AS#2 ¡ ß ¡ à ¡ ¡234 ¡ AS#2 ¡ ß ¡ à ¡ ¡0.07 ¡ MLAT ¡Ranking ¡2 ¡ MLAT ¡/ ¡Domains ¡Hosted ¡ AS#1 ¡ ß ¡ à ¡ ¡235 ¡ AS#1 ¡ ß ¡ à ¡ ¡2.17 ¡ AS#2 ¡ ß ¡ à ¡ ¡234 ¡ AS#2 ¡ ß ¡ à ¡ ¡0.05 ¡

  16. Practical application • “Clean Netherlands”: Enhance self cleansing ability of the Dutch hosting market by • promoting best practices and awareness • pressuring the rotten apples

  17. Discussion • Compare your TLD against the market • Driving factors (why the attackers are more interested in certain types of domains?) • Let us know about policy changes, pricing

  18. Discussion • Limitations: metrics for smaller TLDs are more sensitive to individual security incidents • Abuse handling initiatives

  19. Discussion • Limited access to: • Domain WHOIS (classifier between maliciously registered and legitimate domains, metrics for registrars) • Datasets, e.g. shadow server reports • Feedback

  20. ACKNOWLEDGEMENTS The research leading to these results was funded by SIDN (www.sidn.nl) Many thanks to: Cristian Hesselman (SIDN Labs), Paul Vixie (Farsight Security), and Thorsten Kraft ( Cyscon )

  21. Contact information: Maciej Korczy ń ski Delft University of Technology maciej.korczynski@tudelft.nl

  22. Security metrics for TLDs • Type of reputation metrics

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

From weak online reputation metrics to standardized attack-resistant trust metrics Dr. Jean-Marc

From weak online reputation metrics to standardized attack-resistant trust metrics Dr. Jean-Marc

ITU Workshop on Future Trust and Knowledge Infrastructure, Phase 2 Geneva, Switzerland 1 July 2016 From weak online reputation metrics to standardized attack-resistant trust metrics Dr. Jean-Marc Seigneur President at Rputaction SAS,

599 views • 26 slides
Identifying interventions to improve NMHS capacities based on GFCS pillars and associated metrics

Identifying interventions to improve NMHS capacities based on GFCS pillars and associated metrics

Identifying interventions to improve NMHS capacities based on GFCS pillars and associated metrics Mark Tadross, Anna Steynor, Christopher Lennard, Kate Kloppers, Luleka Dlamini (CSAG) Methodological steps assessing capacity Metrics associated

330 views • 11 slides
What we learned from Community Metrics Agenda Why are metrics used? How metrics are used

What we learned from Community Metrics Agenda Why are metrics used? How metrics are used

What we learned from Community Metrics Agenda Why are metrics used? How metrics are used in two Open Source communities Common pitfalls and ways to avoid them Why use Metrics? Transparency Who is contributing to the

166 views • 14 slides
Possible Incentive Metrics: Public Health Recommendations Katrina Hedberg, MD, MPH Health

Possible Incentive Metrics: Public Health Recommendations Katrina Hedberg, MD, MPH Health

Possible Incentive Metrics: Public Health Recommendations Katrina Hedberg, MD, MPH Health Officer & State Epidemiologist April 18, 2014 Context Improve population health, improve care, lower (long-term) costs Address leading

627 views • 43 slides
The Metrics Design Pattern Metrics Driven Development Stephanie Kaiser & Horia Dragomir

The Metrics Design Pattern Metrics Driven Development Stephanie Kaiser & Horia Dragomir

The Metrics Design Pattern Metrics Driven Development Stephanie Kaiser & Horia Dragomir Stephanie Kaiser & Horia Dragomir wooga wooga The Metrics Design Pattern A story about a game Monster World DAU 1.200.000 1.000.000 800.000

827 views • 64 slides
Reputation Systems Reputation systems: quantify the trust between different users. Application:

Reputation Systems Reputation systems: quantify the trust between different users. Application:

Formal Verification of e-Reputation Protocols 1 Ali Kassem 2 , Pascal Lafourcade 1 , Yassine Lakhnech 2 1 University dAuvergne, LIMOS 2 Universit Grenoble Alpes, CNRS, VERIMAG The 7th International Symposium on Foundations & Practice of

583 views • 33 slides
Online Reputation Security It takes 20 years to build a reputation and five minutes to ruin

Online Reputation Security It takes 20 years to build a reputation and five minutes to ruin

Online Reputation Security It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, youll do things differently Warren Buffett NASDAQ ABC Stock after Roseanne Barrs Tweet and Show

698 views • 51 slides
Aucklands DNA Rollout Process Place DNA Reputation Themes Final Reputation Framework

Aucklands DNA Rollout Process Place DNA Reputation Themes Final Reputation Framework

Aucklands DNA Rollout Process Place DNA Reputation Themes Final Reputation Framework Framework 3 Reputation Storybook Themes 1 Destination reputation 2 The power of stories 3 The importance of themes 4 Aucklands Place DNA

663 views • 64 slides
Reputation Management Destroy or Salvage Reputation? Through their actions following a crisis,

Reputation Management Destroy or Salvage Reputation? Through their actions following a crisis,

Reputation Management Destroy or Salvage Reputation? Through their actions following a crisis, brands decide if they destroy or salvage their reputations. And of course, their partners matter too specifically their PR firms. DO YOU DESERVE

475 views • 28 slides
Schools & Reputation Management Overview Introductions The Importance of managing

Schools & Reputation Management Overview Introductions The Importance of managing

Schools & Reputation Management Overview Introductions The Importance of managing your schools reputation How can social media affect your schools reputation? The press Legal issues Case studies

321 views • 13 slides
AGENCY OPERATIONS METRICS The Metrics of Me The Metrics of Me x 159 13,006 5 days old books

AGENCY OPERATIONS METRICS The Metrics of Me The Metrics of Me x 159 13,006 5 days old books

Dont trust your gut AGENCY OPERATIONS METRICS The Metrics of Me The Metrics of Me x 159 13,006 5 days old books read so far in 2018 The Metrics of Me 6.3 4.5 4 0 hours of sleep hours in dance class hours cooking hours commuting

549 views • 20 slides
Robert Pohnke Plan 1. Problem Description 2. Canal mechanism 3. Results 4. Q&A Reputation

Robert Pohnke Plan 1. Problem Description 2. Canal mechanism 3. Results 4. Q&A Reputation

Canal: Scaling Social Network-Based Sybil Tolerance Schemes Robert Pohnke Plan 1. Problem Description 2. Canal mechanism 3. Results 4. Q&A Reputation systems A reputation system computes and publishes reputation scores for a set of

649 views • 25 slides
Proposal Metrics Dashboard What Gets Measured Gets Done Topics Why Keep Metrics? What

Proposal Metrics Dashboard What Gets Measured Gets Done Topics Why Keep Metrics? What

Proposal Metrics Dashboard What Gets Measured Gets Done Topics Why Keep Metrics? What Metrics Should We Keep? What is the Easiest Way to Collect Metrics? What is the Easiest Way to Report Metrics? Tips and Tricks to Building a

578 views • 16 slides
Software Metrics Chapter 4 1 SW Metrics SW process and product metrics are quantitative

Software Metrics Chapter 4 1 SW Metrics SW process and product metrics are quantitative

Click here to review OO Testing Strategies Software Metrics Chapter 4 1 SW Metrics SW process and product metrics are quantitative measures that enable SW people to gain insight into the efficacy of SW process and the projects that are

897 views • 44 slides
Software Metrics Denition The measurement of the software development process and its

Software Metrics Denition The measurement of the software development process and its

Object-Oriented Software Engineering Extra Chapter: Software Metrics Lecture 14 Why Measure Software? Projects often Go over budget Miss deadlines Exhibit poor quality Measurements can be used to improve the process and quality

526 views • 14 slides
Rapid, Collaborative 3D Modeling: Techniques to Improve Buy In During Design Chris Kitts, MWH

Rapid, Collaborative 3D Modeling: Techniques to Improve Buy In During Design Chris Kitts, MWH

PNWS AWWA CONFERENCE Rapid, Collaborative 3D Modeling: Techniques to Improve Buy In During Design Chris Kitts, MWH MAY 8, 2014 Conceptual Design Detailed Design Construction To begin with the end in mind means to start with a clear

513 views • 18 slides
Voting: Issues, Problems, and Systems, Continued 9 March 2012 Voting III 9 March 2012 1/1 Last

Voting: Issues, Problems, and Systems, Continued 9 March 2012 Voting III 9 March 2012 1/1 Last

Voting: Issues, Problems, and Systems, Continued 9 March 2012 Voting III 9 March 2012 1/1 Last Time Weve discussed several voting systems and conditions which may or may not be satisfied by a system. Well review them. But first,

781 views • 52 slides
Financial Statements and Related Announcement::Second Qua... Page 1 of 2 FINANCIAL STATEMENTS AND

Financial Statements and Related Announcement::Second Qua... Page 1 of 2 FINANCIAL STATEMENTS AND

Financial Statements and Related Announcement::Second Qua... Page 1 of 2 FINANCIAL STATEMENTS AND RELATED ANNOUNCEMENT::SECOND QUARTER AND/ OR HALF YEARLY RESULTS Issuer & Securities Issuer/ Manager VALUETRONICS HOLDINGS LIMITED

428 views • 31 slides
CIMB GROUP HOLDINGS BERHAD FULL YEAR 2010 RESULTS Analyst Presentation 25 February 2011 Key

CIMB GROUP HOLDINGS BERHAD FULL YEAR 2010 RESULTS Analyst Presentation 25 February 2011 Key

CIMB GROUP HOLDINGS BERHAD FULL YEAR 2010 RESULTS Analyst Presentation 25 February 2011 Key Highlights Achieved all primary targets and most secondary targets FY10 PAT of RM3.52 bil, up 25.4% Y-o-Y New dividend policy applied

878 views • 67 slides
Q4 & FY18 Earnings Presentation 08 May, 2018 Highlights - Q4 FY18 Operational Revenues at

Q4 & FY18 Earnings Presentation 08 May, 2018 Highlights - Q4 FY18 Operational Revenues at

Q4 & FY18 Earnings Presentation 08 May, 2018 Highlights - Q4 FY18 Operational Revenues at Rs. 7798 mn, growth at 27.3% Dominos Pizza Same Store Sales Growth (SSG) at 26.5% JFL EBITDA at Rs. 1278 mn, 16.4% of Net Sales Dominos Pizza

156 views • 12 slides
BAYESIAN GLOBAL OPTIMIZATION Using Optimal Learning to Tune Deep Learning Pipelines Scott Clark

BAYESIAN GLOBAL OPTIMIZATION Using Optimal Learning to Tune Deep Learning Pipelines Scott Clark

BAYESIAN GLOBAL OPTIMIZATION Using Optimal Learning to Tune Deep Learning Pipelines Scott Clark scott@sigopt.com OUTLINE 1. Why is Tuning AI Models Hard? 2. Comparison of Tuning Methods 3. Bayesian Global Optimization 4. Deep Learning

983 views • 67 slides
Decomposition Behavior in Aggregated Data Sets Sarah Berube Karl-Dieter Crisman Gordon College

Decomposition Behavior in Aggregated Data Sets Sarah Berube Karl-Dieter Crisman Gordon College

Decomposition Behavior in Aggregated Data Sets Sarah Berube Karl-Dieter Crisman Gordon College Oct. 24, 2009 Berube and Crisman (Gordon College) Decomposing Aggregated Data Oct. 24, 2009 1 / 29 Outline Background Definitions Decomposing

1.09k views • 104 slides
A concept of multicriteria stratification: a definition and solution MIKHAIL ORLOV , , D E PA

A concept of multicriteria stratification: a definition and solution MIKHAIL ORLOV , , D E PA

A concept of multicriteria stratification: a definition and solution MIKHAIL ORLOV , , D E PA RT M E N T O F A P P L I E D M AT H E M AT I C S A N D I N F O R M AT I C S H S E BORIS MIRKIN I N T E R N AT I O N A L L A B O R AT O RY O F

787 views • 26 slides
Micro, Small, and Medium Enterprises Using Analytic Network Process at PT Sarana Jatim Ventura

Micro, Small, and Medium Enterprises Using Analytic Network Process at PT Sarana Jatim Ventura

Selection of Business Funding Proposals of Micro, Small, and Medium Enterprises Using Analytic Network Process at PT Sarana Jatim Ventura By Kevin Karmadi Wirawan 2511100054 Supervisor: Stefanus Eko Wiratno, ST, MT Co-Supervisor: Effi

666 views • 49 slides

More recommend