Highly Predictive Blacklisting Explanation Page
  Web Portal
Software Releases
Private Project Page

The Highly Predictive Blacklisting Service
The Explanation Page

Download PDF:
Highly Predictive Blacklisting, Usenix Security, August 2008.


  About Highly Predictive Blacklists
The HPB Service is Now Available at DShield.Org!

The Cyber-TA group announces the Internet release of the Highly Predictive Blacklisting (HPB) service, now available for free use at www.dshield.org. A Highly Predictive Blacklist is a list of malicious Internet addresses, which is formulated through an analysis of the millions of firewall log entries that are contributed to DShield each day from across the Internet. Each DShield contributor is provided a custom HPB that captures the set of attack source addresses that are the most likely to attack the contributor's network over the next several days.

Highly predictive blacklists employ a link analysis algorithm similar to Google's PageRank scheme used to find the most relevant web pages given a user's query. But instead of web queries, the firewall logs of DShield contributors are cross-compared with one another in search of overlaps among the attackers they report. The attacker addresses included within a HPB are selected by favoring the inclusion of those attackers who have been encountered by other contributors who share degrees of overlap with the HPB owner.

Important Links:
  • [LINK] - DShield.org HPB Web Link - DShield contributors can download and evaluate their own Highly Predictive Blacklists.

  • [PDF] Highly Predictive Blacklisting - Full SRI Technical Report - presents the HPB Algorithm and the full comparative evaluation results .

  • [LINK] - HPB Technical Summary - A Short 2-page technical summary of the HPB Algorithm.

  • [LINK] - HPB Service Announcement Page - SRI and DShield.org announce their joint release of the HPB service.


The Highly Predictive Blacklisting Algorithm is a research prototype developed by the Computer Science Laboratory at SRI International in collaboration with DShield.Org: Jian Zhang (SRI), Phillip Porras (SRI), and Johannes Ullrich (DShield.org).

  - Highly Predictive Blacklists -
 Explanation Page
Cyber-TA Project
Page last updated: 2 April 2007

Project Details

Project Name
:  Cyber-TA
Application Name: Highly Predictive Blacklists
Project Admins:  
   Phillip Porras (
SRI International)
Development Status:  Active
Intended Audience Security Researchers, System Administrators
License:The HPB Service is available to DShield contributors at www.dshield.org
Operating System: Not applicable
Programming Language:Not applicable
Topic: Internet Security
Translations: English
User Interface:Firewall filters
Donors: Army Research Office
Project Contributors:
  Jian Zhang (SRI International)
  Phil Porras (SRI International)
  Johannes Ullrich (SANs Institute)
Last Website Update:   4 / 2 / 2007