The Highly Predictive Blacklisting Service
The Explanation Page
Highly Predictive Blacklisting, Usenix Security, August 2008.
About Highly Predictive Blacklists
The HPB Service is Now Available at DShield.Org!
The Cyber-TA group announces the Internet release of the
Blacklisting (HPB) service, now available for free use at
www.dshield.org. A Highly Predictive Blacklist is a list of malicious
Internet addresses, which is formulated through an analysis of the
millions of firewall log entries that are contributed to DShield
each day from across the Internet. Each DShield contributor is
provided a custom HPB that captures the set of attack source addresses
that are the most likely to attack the contributor's network over the
next several days.
Highly predictive blacklists employ a link analysis algorithm similar
to Google's PageRank scheme used to find the most relevant web pages
given a user's query. But instead of web queries, the firewall logs
of DShield contributors are cross-compared with one another in search
of overlaps among the attackers they report. The attacker addresses
included within a HPB are selected by favoring the inclusion of those
attackers who have been encountered by other contributors who share
degrees of overlap with the HPB owner.
- [LINK] -
DShield.org HPB Web Link - DShield contributors can download and evaluate their own Highly
- [PDF] Highly Predictive Blacklisting - Full SRI Technical Report - presents the HPB Algorithm and the
full comparative evaluation results .
- [LINK] - HPB Technical Summary - A Short 2-page technical summary of the HPB Algorithm.
- [LINK] - HPB Service Announcement Page - SRI and DShield.org announce their joint release of the HPB
The Highly Predictive Blacklisting Algorithm
is a research prototype developed by the Computer Science Laboratory at SRI
International in collaboration with DShield.Org: Jian Zhang (SRI), Phillip
Porras (SRI), and Johannes Ullrich (DShield.org).
- Highly Predictive Blacklists -
Page last updated: 2 April 2007
| Project Details
Name: Highly Predictive Blacklists
Phillip Porras (SRI
Security Researchers, System Administrators
License:The HPB Service is available to DShield
contributors at www.dshield.org
System: Not applicable
Topic: Internet Security
Donors: Army Research Office
Porras (SRI International)
Johannes Ullrich (SANs Institute)
4 / 2 / 2007