Explore an in-depth analysis of IP address blacklists and their effectiveness in protecting IoT devices during this conference talk from the Hack In The Box Security Conference. Delve into the limitations of current blacklist approaches, particularly for resource-constrained IoT devices and home routers. Learn about a proposed algorithm, the Attacker IP Prioritizer (AIP), designed to optimize blacklists for IoT protection. Discover a standardized methodology for evaluating blacklist efficacy. Gain insights into the challenges of maintaining effective blacklists in cloud environments and the short-lived nature of IoT malware attacks. Follow the speaker's journey as a bachelor student researcher at StratosphereIPS Lab, working on algorithmically optimizing blacklists and studying IoT traffic through honeypot implementations.
Overview
Syllabus
Intro
Blacklists - Why Do We Need Them?
Two types of Access. Ist Download
Two types of Access. 2nd API
Problem Blacklists Need to be Evaluated
Previous Works in Academia
Source Data of Real Attacks
AIP V1.0 Update Framework - How it generates an updates BlackLists
AIP Rating Functions
Evaluation Methodology
AIP Two Month Evaluation. Num of IPS
What We Needed To Improve
AIP V2.0 - Current Version Implemented Improvements
AIP V3.0 - Future Planned Improvements • Data analysis comparing features
Blacklists Need to be Evaluated Our Contributions A new algorithm for blacklists creation, the Attacker IP Prioritizer
Download Community Contributions
Taught by
Hack In The Box Security Conference
