News Briefs
Abstract
This paper deals with an algorithm that generates useful blacklists for networks by taking information from victims of past network attacks and predicting which attack sources are likely to target specific networks in the future. Blacklists, which contain IP addresses previously involved in malicious activity, are an increasingly popular security technique. However, there are problems with the two main blacklisting approaches. The highly predictive blacklist (HPB) approach creates a blacklist for each network it protects. It works with information about harmful online activity that the SANS Institute collects via its DShield system. After filtering out unnecessary information, HPB runs the data through two analysis engines: one ranks attack sources based on their relevance to the network for which the blacklist is being developed, and the other determines the severity of potential attacks.
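
The relevance-ranking idea described above, as an added Python example that is not code from the paper or from DShield: it scores attack sources for one network by weighting other victims' reports by how much their attacker sets overlap with that network's own, and compares the result with a plain count-based list. The Jaccard overlap metric, the additive scoring, the function names and the sample reports are assumptions made for illustration; the severity engine is not modelled.

```python
from collections import defaultdict

# Constructed sample reports: (reporting network, attack source IP).
# Addresses are from documentation ranges; none are real indicators.
REPORTS = [
    ("net-a", "192.0.2.10"), ("net-a", "192.0.2.11"),
    ("net-b", "192.0.2.10"), ("net-b", "192.0.2.11"), ("net-b", "198.51.100.5"),
    ("net-c", "203.0.113.7"), ("net-d", "203.0.113.7"), ("net-e", "203.0.113.7"),
    ("net-c", "203.0.113.8"),
]

def sources_by_victim(reports):
    """Map each reporting network to the set of sources it has seen."""
    seen = defaultdict(set)
    for victim, source in reports:
        seen[victim].add(source)
    return seen

def similarity(a, b):
    """Jaccard overlap of two victims' attacker sets (assumed metric)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def relevance_ranking(reports, target):
    """Rank sources for `target` by how closely their victims resemble it.

    A network with no reports of its own overlaps with nobody, so it
    gets an empty ranking under this simplified scoring.
    """
    seen = sources_by_victim(reports)
    mine = seen.get(target, set())
    scores = defaultdict(float)
    for victim, sources in seen.items():
        weight = 1.0 if victim == target else similarity(mine, sources)
        if weight == 0.0:
            continue  # unrelated victim: its attackers carry no weight here
        for source in sources:
            scores[source] += weight
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

def global_ranking(reports):
    """Baseline: rank sources by the number of distinct reporting networks."""
    victims = defaultdict(set)
    for victim, source in reports:
        victims[source].add(victim)
    return sorted(((s, len(v)) for s, v in victims.items()),
                  key=lambda kv: (-kv[1], kv[0]))
```

In the constructed data, 203.0.113.7 leads the count-based list yet is absent from net-a's ranking, while 198.51.100.5 appears there even though net-a never reported it, because a network with a similar attack history did.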