Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FYI: Collaborative Blacklisting Significantly Improves Effectiveness



--Collaborative Blacklisting Significantly Improves Effectiveness (July 31, 
2008) At the USENIX Security Conference this week in San Jose, researchers from 
SRI and the Internet Storm Center released the results of a test implementation 
of a new service, called Highly Predictive Blacklisting.
Rather than relying on general shared lists or highly specific and personalized 
ones, HPB uses a link analysis algorithm similar to Google's PageRank to rank 
attackers based on an estimation of how dangerous the site is and how closely 
it is associated with other sites being attacked by the same attackers.  
Together the algorithm does a pretty good job of estimating the probability 
that the attacker will target a user's network in the future.  Details of the 
new service are outlined in a paper that won Best Paper at the USENIX Security 
conference.
http://www.securityfocus.com/brief/780
http://www.usenix.org/events/sec08/tech/zhang.html
[Editor's Note (Ullrich): DShield will allow you to generate these blacklists. 
All submitters are able to retrieve "HPB"s for their account. 
(http://isc.sans.org/howto.html). DShield participation is a free service of 
the SANS Institute.
(Paller): For more than a decade, governments have been searching for a way to 
get companies to share cyber security data.  The project described in this 
paper may provide the first good answer to that question, because no 
organization can gain the benefit of improved blacklisting unless they share 
the attack data their site is experiencing.  Thousands of sites are already 
participating in the collaborative data project at the Internet Storm Center 
resulting in some of the best data available anywhere (see the "Top 10 Rising 
Ports" and "World Map" of the sources of attacks at http://isc.sans.org), but 
this new 
project could make Storm Center data even more useful and the participants much 
better protected than those who do not participate.]
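
The ranking idea summarized above, as an added example that is not code from the paper, DShield or this message: a simplified PageRank-style relevance propagation in which a network scores attackers it has not yet logged by how strongly it is linked, through shared attackers, to the networks that did log them. The report data, network names, damping factor `alpha` and round count are constructed assumptions, and the "how dangerous" part of the score is left out.

```python
# Constructed sample reports: contributor network -> source IPs it logged as attackers
# (documentation-range addresses; all names here are hypothetical).
REPORTS = {
    "net_a": {"192.0.2.1", "192.0.2.2", "192.0.2.3"},
    "net_b": {"192.0.2.1", "192.0.2.2", "198.51.100.7"},
    "net_c": {"203.0.113.9"},
    "net_d": {"198.51.100.7", "198.51.100.8"},
}

def correlation(reports):
    """Row-normalised overlap: W[u][v] is v's share of the attackers u has in common with others."""
    w = {}
    for u, seen_u in reports.items():
        overlap = {v: len(seen_u & seen_v) for v, seen_v in reports.items() if v != u}
        total = sum(overlap.values())
        w[u] = {v: n / total for v, n in overlap.items() if n} if total else {}
    return w

def relevance(reports, attacker, alpha=0.5, rounds=20):
    """Sum of (alpha*W)^k * b for k = 1..rounds, where b marks who reported the attacker."""
    w = correlation(reports)
    term = {u: 1.0 if attacker in seen else 0.0 for u, seen in reports.items()}
    score = dict.fromkeys(reports, 0.0)
    for _ in range(rounds):
        # One hop: each network inherits damped evidence from its correlated peers.
        term = {u: alpha * sum(wt * term[v] for v, wt in w[u].items()) for u in reports}
        for u in reports:
            score[u] += term[u]
    return score

def predictive_blacklist(reports, network):
    """Rank attackers the network has not logged yet by their relevance to it."""
    unseen = set().union(*reports.values()) - reports[network]
    scored = [(relevance(reports, a)[network], a) for a in unseen]
    return [(a, round(s, 3)) for s, a in sorted(scored, key=lambda x: (-x[0], x[1]))]

if __name__ == "__main__":
    for net in REPORTS:
        print(net, predictive_blacklist(REPORTS, net))
```

For `net_a`, the source seen by both `net_b` and `net_d` ranks first, the one seen only by `net_d` still gets a nonzero score through the two-hop link via `net_b`, and the source reported only by the unrelated `net_c` scores zero, even though a plain global list would count each single report the same.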





 




Copyright © Lexa Software, 1996-2009.