Bridging the data gap: Data related challenges in evaluating large scale collaborative security systems ∗

6th Workshop on Cyber Security Experimentation and Test, CSET 2013

Volumn , Issue , 2013, Pages

  Sonchack, John ^a   Aviv, Adam J ^b   Smith, Jonathan M ^a  

^a UNIVERSITY OF PENNSYLVANIA   (United States)

^b SWARTHMORE COLLEGE   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COLLABORATIVE SECURITIES; COLLABORATIVE SECURITY SYSTEM; COLLABORATIVE SYSTEMS; CYBER SECURITY; DATA SHARING; MULTIPLE CLASS; PARAMETERIZED; SIMULATION TECHNIQUE;

SECURITY SYSTEMS;

EID: 85084160805     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (31)

1. CAIDA Data Overview. http://www.caida.org/data/overview/.
2. Darpa ids evaluation data set. http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/.
3. Dshield.org. http://www.dshield.org/.
4. Highly predictive blacklist. http://www.dshield.org/hpbinfo. html.
5. ISC Research Feed. https://isc.sans.edu/researchfeed. html.
6. Observing routing asymmetry in internet traffic. http://www.caida.org/research/traffic-analysis/asymmetry/.
7. Protected repository for the defense of infrastructure against cyber threats. http://predict.org.
8. Adam J Aviv and Andreas Haeberlen. Challenges in experimenting with botnet detection systems. In USENIX 4th CSET Workshop, 2011.
9. Paul Baecher, Markus Koetter, Thorsten Holz, Maximillian Dornseif, and Felix Freiling. The nepenthes platform: An efficient approach to collect malware. In RAID’06, pages 165–184. Springer, 2006.
10. Michael Bailey, Evan Cooke, Farnam Jahanian, David Watson, and Jose Nazario. The blaster worm: Then and now. Security & Privacy, IEEE, 3(4):26–31, 2005.
11. Nathaniel Boggs, Sharath Hiremagalore, Angelos Stavrou, and Salvatore J Stolfo. Cross-domain collaborative anomaly detection: so far yet so close. In RAID’11, pages 142–160. Springer, 2011.
12. Scott Coull, Charles Wright, Fabian Monrose, Michael Collins, Michael K Reiter, et al. Playing devil’s advocate: Inferring sensitive information from anonymized network traces. In NDSS’07, pages 35–47, 2007.
13. Jan Goebel and Thorsten Holz. Rishi: Identify bot contaminated hosts by irc nickname evaluation. In Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, pages 8–8. Cambridge, MA, 2007.
14. Guofei Gu, Roberto Perdisci, Junjie Zhang, Wenke Lee, et al. Botminer: clustering analysis of network traffic for protocol-and structure-independent botnet detection. In Proceedings of the 17th conference on Security symposium, pages 139–154, 2008.
15. Sachin Katti, Balachander Krishnamurthy, and Dina Katabi. Collaborating against common enemies. In ACM IMC, 2005.
16. Hyang-Ah Kim and Brad Karp. Autograph: Toward automated, distributed worm signature detection. In Proceedings of the 13th USENIX Security Symposium, pages 271–286, 2004.
17. Bob Lantz, Brandon Heller, and Nick McKeown. A network in a laptop: rapid prototyping for software-defined networks. In Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, page 19. ACM, 2010.
18. David Moore, Colleen Shannon, Geoffrey M Voelker, and Stefan Savage. Internet quarantine: Requirements for containing self-propagating code. In INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications. IEEE Societies, volume 3, pages 1901–1910. IEEE, 2003.
19. Shishir Nagaraja, Prateek Mittal, Chi-Yao Hong, Matthew Caesar, and Nikita Borisov. Botgrep: finding p2p bots with structured graph analysis. In Proceedings of the 19th USENIX conference on Security, pages 7–7. USENIX Association, 2010.
20. Ruoming Pang, Mark Allman, Vern Paxson, and Jason Lee. The devil and packet trace anonymization. ACM SIGCOMM Computer Communication Review, 36(1):29–38, 2006.
21. Vern Paxson. Bro: a system for detecting network intruders in real-time. Computer networks, 31(23):2435–2463, 1999.
22. Niels Provos. Honeyd-a virtual honeypot daemon. In 10th DFN-CERT Workshop, Hamburg, Germany, volume 2, 2003.
23. George F Riley. The georgia tech network simulator. In Proceedings of the ACM SIGCOMM workshop on Models, methods and tools for reproducible network research, pages 5–12. ACM, 2003.
24. Haakon Ringberg, Matthew Roughan, and Jennifer Rexford. The need for simulation in evaluating anomaly detectors. ACM SIGCOMM Computer Communication Review, 38(1):55–59, 2008.
25. Christian Rossow, Christian J Dietrich, Chris Grier, Christian Kreibich, Vern Paxson, Norbert Pohlmann, Herbert Bos, and Maarten van Steen. Prudent practices for designing malware experiments: Status quo and outlook. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 65–79. IEEE, 2012.
26. Colleen Shannon and David Moore. The spread of the witty worm. Security & Privacy, IEEE, 2(4):46–50, 2004.
27. Douglas C Sicker, Paul Ohm, and Dirk Grunwald. Legal issues surrounding monitoring during network research. In Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, pages 141–148. ACM, 2007.
28. Arno Wagner and Bernhard Plattner. Entropy based worm and anomaly detection in fast ip networks. In Enabling Technologies: Infrastructure for Collaborative Enterprise, 2005. 14th IEEE International Workshops on, pages 172–177. IEEE, 2005.
29. Michele C Weigle, Prashanth Adurthi, Félix Hernández-Campos, Kevin Jeffay, and F Donelson Smith. Tmix: a tool for generating realistic tcp application workloads in ns-2. ACM SIGCOMM Computer Communication Review, 36(3):65–76, 2006.
30. Vinod Yegneswaran, Paul Barford, and Somesh Jha. Global intrusion detection in the domino overlay system. In Proceedings of NDSS, volume 2004. San Diego, CA, 2004.
31. Jian Zhang, Phillip Porras, and Johannes Ullrich. Highly predictive blacklisting. In USENIX Security, volume 8, pages 107–122, 2008.