This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
News Briefs (PDF)
November 2008 (vol. 41 no. 11)
pp. 18-20
This paper deals with an algorithm that generates useful blacklists for networks by taking information from victims of past network attacks and predicting which hacker sites are likely to target specific networks in the future. Blacklists, which contain IP addresses previously involved in malicious activity, are an increasingly popular security technique. However, there are problems with the two main blacklisting approaches. HPB uses two analysis engines to create a blacklist for each network it protects. One engine ranks attack sources based on their relevance to the network for which it is developing a blacklist. The other determines the severity of potential attacks. The highly predictive blacklist approach works with information about harmful online activity that the SANS Institute collects via its DShield system. After filtering out unnecessary information, HPB runs the data through one system that ranks attack sources based on their relevance to a network being protected and one that determines potential attack severity.
Index Terms:
telecommunication security,IP networks,security of data,DShield system,network security,highly predictive blacklist algorithm,hacker site,IP address,network attack source ranking,potential attack severity,network security,blacklists,DShield,data centers,fat-tree network,Georgia Tech Tongue Drive System,assistive technology,virtual worlds
Citation:
"News Briefs," Computer, vol. 41, no. 11, pp. 18-20, Nov. 2008, doi:10.1109/MC.2008.465
Usage of this product signifies your acceptance of the Terms of Use.