Abstract :
This paper deals with an algorithm that generates useful blacklists for networks by taking information from victims of past network attacks and predicting which hacker sites are likely to target specific networks in the future. Blacklists, which contain IP addresses previously involved in malicious activity, are an increasingly popular security technique. However, there are problems with the two main blacklisting approaches. HPB uses two analysis engines to create a blacklist for each network it protects. One engine ranks attack sources based on their relevance to the network for which it is developing a blacklist. The other determines the severity of potential attacks. The highly predictive blacklist approach works with information about harmful online activity that the SANS Institute collects via its DShield system. After filtering out unnecessary information, HPB runs the data through one system that ranks attack sources based on their relevance to a network being protected and one that determines potential attack severity.
Keywords :
IP networks; security of data; telecommunication security; DShield system; IP address; hacker site; highly predictive blacklist algorithm; network attack source ranking; network security; potential attack severity; DShield; Georgia Tech Tongue Drive System; assistive technology; blacklists; data centers; fat-tree network; network security; virtual worlds;
