Highly Predictive Blacklisting Explanation Page
The Highly Predictive Blacklisting Service
The Explanation Page

Download PDF: Highly Predictive Blacklisting, Usenix Security, August 2008.

  About Highly Predictive Blacklists
The HPB Service is Now Available at DShield.Org!

The Cyber-TA group announces the Internet release of the Highly Predictive Blacklisting (HPB) service, now available for free use at www.dshield.org. A Highly Predictive Blacklist is a list of malicious Internet addresses, which is formulated through an analysis of the millions of firewall log entries that are contributed to DShield each day from across the Internet. Each DShield contributor is provided a custom HPB that captures the set of attack source addresses that are the most likely to attack the contributor's network over the next several days.

Highly predictive blacklists employ a link analysis algorithm similar to Google's PageRank scheme, which is used to find the most relevant web pages for a user's query. Instead of web queries, the firewall logs of DShield contributors are cross-compared with one another in search of overlaps among the attackers they report. The attacker addresses included in an HPB are selected by favoring those attackers that have been encountered by other contributors who share some degree of overlap with the HPB owner.
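The selection idea in the paragraph above, as an added Python sketch that is not SRI's or DShield's code and not the published HPB algorithm. The overlap weighting, the damping factor `alpha`, the number of rounds, and the sample logs (documentation address ranges) are all assumptions made for illustration.

```python
# Constructed sample: contributor -> attacker source addresses in its firewall logs.
LOGS = {
    "net_a": {"192.0.2.1", "192.0.2.2"},
    "net_b": {"192.0.2.1", "192.0.2.2", "198.51.100.7"},
    "net_c": {"203.0.113.9"},
    "net_d": {"203.0.113.9", "203.0.113.10"},
}

def overlap_weights(logs):
    """w[i][j]: share of i's attackers that j also reported (assumed weighting)."""
    return {
        i: {j: len(seen_i & seen_j) / len(seen_i)
            for j, seen_j in logs.items() if j != i}
        for i, seen_i in logs.items()
    }

def relevance(logs, attacker, alpha=0.5, rounds=5):
    """Propagate reports of one attacker across overlapping contributors.

    Each round passes a damped share of a report from contributor j to every
    contributor i whose logs overlap with j's, in the spirit of PageRank.
    """
    w = overlap_weights(logs)
    current = {c: 1.0 if attacker in seen else 0.0 for c, seen in logs.items()}
    score = {c: 0.0 for c in logs}
    for _ in range(rounds):
        current = {i: alpha * sum(w[i][j] * current[j] for j in w[i])
                   for i in logs}
        for c in logs:
            score[c] += current[c]
    return score

def predictive_blacklist(logs, owner, size=3):
    """Rank all reported attackers by their relevance to one contributor."""
    attackers = set().union(*logs.values())
    ranked = sorted(attackers, key=lambda a: (-relevance(logs, a)[owner], a))
    return ranked[:size]

if __name__ == "__main__":
    for owner in LOGS:
        print(owner, predictive_blacklist(LOGS, owner))
```

In this sample, net_a's list picks up 198.51.100.7, which only net_b reported, because net_a and net_b share attackers, while addresses reported only by the unrelated net_c and net_d score zero for net_a.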

Important Links:
  • [LINK] - DShield.org HPB Web Link - DShield contributors can download and evaluate their own Highly Predictive Blacklists.

  • [PDF] Highly Predictive Blacklisting - Full SRI Technical Report - presents the HPB Algorithm and the full comparative evaluation results.

  • [LINK] - HPB Technical Summary - A short 2-page technical summary of the HPB Algorithm.

  • [LINK] - HPB Service Announcement Page - SRI and DShield.org announce their joint release of the HPB service.

  Participants
The Highly Predictive Blacklisting Algorithm is a research prototype developed by the Computer Science Laboratory at SRI International in collaboration with DShield.Org: Jian Zhang (SRI), Phillip Porras (SRI), and Johannes Ullrich (DShield.org).

  - Highly Predictive Blacklists -
 Explanation Page
Cyber-TA Project
Page last updated: 2 April 2007




Project Details

Project Name: Cyber-TA
Application Name: Highly Predictive Blacklists
Project Admins: Phillip Porras (SRI International)
Development Status: Active
Intended Audience: Security Researchers, System Administrators
License: The HPB Service is available to DShield contributors at www.dshield.org
Operating System: Not applicable
Programming Language: Not applicable
Topic: Internet Security
Translations: English
User Interface: Firewall filters
Donors: Army Research Office
Project Contributors:
  Jian Zhang (SRI International)
  Phil Porras (SRI International)
  Johannes Ullrich (SANS Institute)

Last Website Update: 4 / 2 / 2007