Issue No. 11 - November (2008 vol. 41)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MC.2008.465
This paper deals with an algorithm that generates useful blacklists for networks by taking information from victims of past network attacks and predicting which hacker sites are likely to target specific networks in the future. Blacklists, which contain IP addresses previously involved in malicious activity, are an increasingly popular security technique. However, there are problems with the two main blacklisting approaches. The highly predictive blacklist (HPB) approach uses two analysis engines to create a blacklist for each network it protects. One engine ranks attack sources based on their relevance to the network for which it is developing a blacklist. The other determines the severity of potential attacks. HPB works with information about harmful online activity that the SANS Institute collects via its DShield system. After filtering out unnecessary information, HPB runs the data through both engines.
telecommunication security, IP networks, security of data, DShield system, network security, highly predictive blacklist algorithm, hacker site, IP address, network attack source ranking, potential attack severity, blacklists, DShield, data centers, fat-tree network, Georgia Tech Tongue Drive System, assistive technology, virtual worlds
"News Briefs," in Computer, vol. 41, no. 11, pp. 18-20, 2008.