Estimating the number of hosts corresponding to an intrusion alert while preserving privacy

Authors:

Highlights:

• We develop a probabilistic model of host-to-address bindings.

• We apply this model to intrusion alerts and ping responses.

• We estimate that more than 80% of malicious addresses are dynamic.

• We conclude that such aliasing renders static blacklisting ineffective.

Keywords: Intrusion detection, Address aliasing, Privacy protection, Statistical modelling

Review history: Received 30 November 2012, Revised 30 April 2013, Accepted 14 June 2013, Available online 2 July 2013.

Official paper URL: https://doi.org/10.1016/j.jcss.2013.06.007