"Your reputation precedes you", presented at Virus Bulletin 2011

by Gunter Ollmann (Damballa)

Tags: Security


Summary: "The threat landscape is increasingly dynamic. Legitimate servers are being hacked and abused into hosting
drive-by-download materials, botnet command-and-control portals and hosting fraud content. Meanwhile, bullet-proof hosting
providers and criminal IaaS operators continue to augment their federated delivery models. Short of preemptively scanning
and classifying every web page request and scanning each binary file in advance of download, how do other approaches fare
in preemptively qualifying the maliciousness or criminality of Internet services?
IP reputation services have been a popular approach for first-pass qualification (and filtering) of Internet threats;
however, most threat categories have evolved beyond their ability to keep pace. A new generation of dynamic reputation
approaches is coming to the fore - capable of providing high-accuracy scoring mechanisms at both the IP address and
domain name level with hourly (or better) resolution. How do these different approaches fare against increasingly dynamic
threats, skilled opponents and the transition to an IPv6 framework?
This paper looks under the veneer of the various reputation approaches - examining their usefulness against today's threat
landscape and evaluating their respective strengths and weaknesses."