The Highly Predictive Blacklisting Service
The Explanation Page
Download PDF:
Highly Predictive Blacklisting, Usenix Security, August 2008.
About Highly Predictive Blacklists
The HPB Service is Now Available at DShield.Org!
The Cyber-TA group announces the Internet release of the Highly Predictive
Blacklisting (HPB) service, now available for free use at
www.dshield.org. A Highly Predictive Blacklist is a list of malicious
Internet addresses, which is formulated through an analysis of the
millions of firewall log entries that are contributed to DShield
each day from across the Internet. Each DShield contributor is
provided a custom HPB that captures the set of attack source addresses
that are the most likely to attack the contributor's network over the
next several days.
Highly predictive blacklists employ a link analysis algorithm similar
to Google's PageRank scheme used to find the most relevant web pages
given a user's query. But instead of web queries, the firewall logs
of DShield contributors are cross-compared with one another in search
of overlaps among the attackers they report. The attacker addresses
included within an HPB are selected by favoring the inclusion of those
attackers who have been encountered by other contributors who share
degrees of overlap with the HPB owner.
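A simplified illustration of the overlap-weighted selection described above, added here as an example; it is not SRI's or DShield's HPB code, nor the published algorithm. The contributor names, sample logs, Jaccard weighting, damping factor `alpha` and round count are all assumptions.

```python
from itertools import combinations

# Constructed sample data: contributor -> attacker sources in its firewall logs.
# Addresses come from the RFC 5737 documentation ranges.
LOGS = {
    "net_a": {"192.0.2.1", "192.0.2.2", "192.0.2.3"},
    "net_b": {"192.0.2.2", "192.0.2.3", "198.51.100.7"},
    "net_c": {"198.51.100.7", "203.0.113.9"},
    "net_d": {"203.0.113.50"},
}


def overlap_weights(logs):
    """Jaccard overlap of reported attackers for each contributor pair (assumed metric)."""
    w = {u: {} for u in logs}
    for u, v in combinations(logs, 2):
        shared = len(logs[u] & logs[v])
        if shared:
            w[u][v] = w[v][u] = shared / len(logs[u] | logs[v])
    return w


def attacker_scores(logs, owner, alpha=0.5, rounds=10):
    """Score each attacker for `owner` by damped propagation over the overlap graph."""
    w = overlap_weights(logs)
    scores = {}
    for src in set().union(*logs.values()):
        # Report vector: 1.0 for every contributor that logged this source.
        report = {u: 1.0 if src in logs[u] else 0.0 for u in logs}
        rel = dict(report)
        for _ in range(rounds):
            # Each contributor inherits a damped share of its neighbours' relevance,
            # so reports reach the owner across several hops of overlap.
            rel = {u: report[u] + alpha * sum(wt * rel[v] for v, wt in w[u].items())
                   for u in logs}
        scores[src] = rel[owner]
    return scores


def blacklist(logs, owner, size=4):
    """Top `size` sources for `owner`, highest score first; zero scores are dropped."""
    scores = attacker_scores(logs, owner)
    ranked = sorted(scores, key=lambda s: (-scores[s], s))
    return [s for s in ranked[:size] if scores[s] > 0]


if __name__ == "__main__":
    for name in LOGS:
        print(name, blacklist(LOGS, name))
```

In this sample, net_a's list includes 198.51.100.7, a source it has not yet logged, because net_b, which overlaps with net_a, reported it; net_d shares no attackers with anyone and gets only its own entry.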
Important Links:
- [LINK] DShield.org HPB Web Link - DShield contributors can download and evaluate their own Highly Predictive Blacklists.
- [PDF] Highly Predictive Blacklisting - Full SRI Technical Report - presents the HPB algorithm and the full comparative evaluation results.
- [LINK] HPB Technical Summary - a short 2-page technical summary of the HPB algorithm.
- [LINK] HPB Service Announcement Page - SRI and DShield.org announce their joint release of the HPB service.
The Highly Predictive Blacklisting Algorithm
is a research prototype developed by the Computer Science Laboratory at SRI
International in collaboration with DShield.Org: Jian Zhang (SRI), Phillip
Porras (SRI), and Johannes Ullrich (DShield.org).
- Highly Predictive Blacklists -
Explanation Page
Cyber-TA Project
Page last updated: 2 April 2007
Project Details
Project Name: Cyber-TA
Application Name: Highly Predictive Blacklists
Project Admins: Phillip Porras (SRI International)
Development Status: Active
Intended Audience: Security Researchers, System Administrators
License: The HPB Service is available to DShield contributors at www.dshield.org
Operating System: Not applicable
Programming Language: Not applicable
Topic: Internet Security
Translations: English
User Interface: Firewall filters
Donors: Army Research Office
Project Contributors: Jian Zhang (SRI International), Phil Porras (SRI International), Johannes Ullrich (SANS Institute)
Last Website Update: 4 / 2 / 2007