Share Email Print
cover

Proceedings Paper

ASN reputation system model
Format Member Price Non-Member Price
PDF $14.40 $18.00

Paper Abstract

Network security monitoring is currently challenged by its reliance on human analysts and the inability for tools to generate indications and warnings for previously unknown attacks. We propose a reputation system based on IP address set membership within the Autonomous System Number (ASN) system. Essentially, a metric generated based on the historic behavior, or misbehavior, of nodes within a given ASN can be used to predict future behavior and provide a mechanism to locate network activity requiring inspection. This will provide reinforcement of notifications and warnings and lead to inspection for ASNs known to be problematic even if initial inspection leads to interpretation of the event as innocuous. We developed proof of concept capabilities to generate the IP address to ASN set membership and analyze the impact of the results. These results clearly show that while some ASNs are one-offs with individual or small numbers of misbehaving IP addresses, there are definitive ASNs with a history of long term and wide spread misbehaving IP addresses. These ASNs with long histories are what we are especially interested in and will provide an additional correlation metric for the human analyst and lead to new tools to aid remediation of these IP address blocks.

Paper Details

Date Published: 14 May 2015
PDF: 8 pages
Proc. SPIE 9458, Cyber Sensing 2015, 94580A (14 May 2015); doi: 10.1117/12.2177464
Show Author Affiliations
Steve Hutchinson, ICF International for Army Research Lab. (United States)
Robert F. Erbacher, U.S. Army Research Lab. (United States)


Published in SPIE Proceedings Vol. 9458:
Cyber Sensing 2015
Igor V. Ternovskiy; Peter Chin, Editor(s)

© SPIE. Terms of Use
Back to Top