Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[security-alerts] FYI: Collaborative Blacklisting Significantly Improves Effectiveness
--Collaborative Blacklisting Significantly Improves Effectiveness (July 31,
2008) At the USENIX Security Conference this week in San Jose, researchers from
SRI and the Internet Storm Center released the results of a test implementation
of a new service, called Highly Predictive Blacklisting.
Rather than relying on general shared lists or highly specific and personalized
ones, HPB uses a link analysis algorithm similar to Google's PageRank to rank
attackers based on an estimation of how dangerous the site is and how closely
it is associated with other sites being attacked by the same attackers.
Together the algorithm does a pretty good job of estimating the probability
that the attacker will target a user's network in the future. Details of the
new service are outlined in a paper that won Best Paper at the USENIX Security
conference.
http://www.securityfocus.com/brief/780
http://www.usenix.org/events/sec08/tech/zhang.html
[Editor's Note (Ullrich): DShield will allow you to generate these blacklists.
All submitters are able to retrieve "HPB"s for their account
(http://isc.sans.org/howto.html). DShield participation is a free service of
the SANS Institute.
(Paller): For more than a decade, governments have been searching for a way to
get companies to share cyber security data. The project described in this
paper may provide the first good answer to that question, because no
organization can gain the benefit of improved blacklisting unless they share
the attack data their site is experiencing. Thousands of sites are already
participating in the collaborative data project at the Internet Storm Center
resulting in some of the best data available anywhere (see the "Top 10 Rising
Ports" and "World Map" of the sources of attacks at http://isc.sans.org), but this new
project could make Storm Center data even more useful and the participants much
better protected than those who do not participate.]
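
The ranking idea summarized in the item above, as an added example that is not part of the original message and is not the HPB service's code or the paper's exact formulas: a simplified PageRank-style propagation in which an attacker's relevance to a contributor grows when contributors that share attackers with it have reported that source. The overlap-count weighting, the damping factor, the function names and the sample reports are assumptions made for illustration.

```python
# Added illustration: simplified relevance propagation, not the HPB implementation.
# REPORTS is constructed sample data; addresses are RFC 5737 documentation ranges.
REPORTS = {
    "net_a": {"192.0.2.1", "192.0.2.2"},
    "net_b": {"192.0.2.1", "192.0.2.2", "198.51.100.7"},
    "net_c": {"198.51.100.7", "203.0.113.9"},
    "net_d": {"203.0.113.50"},
}


def victim_weights(reports):
    """Row-normalised weights: how strongly each contributor shares attackers with others."""
    weights = {}
    for v, seen in reports.items():
        overlap = {u: len(seen & other) for u, other in reports.items() if u != v}
        total = sum(overlap.values())
        weights[v] = {u: n / total for u, n in overlap.items() if n}
    return weights


def predictive_blacklist(victim, reports, damping=0.5, rounds=30):
    """Rank sources the victim has NOT yet seen by propagated relevance."""
    weights = victim_weights(reports)
    attackers = sorted(set().union(*reports.values()))
    # base[v][a] is 1.0 when contributor v reported attacker a directly.
    base = {v: {a: float(a in seen) for a in attackers} for v, seen in reports.items()}
    score = base
    for _ in range(rounds):
        # Each round pulls in relevance from correlated contributors, damped per hop.
        score = {
            v: {a: base[v][a] + damping * sum(wt * score[u][a]
                                              for u, wt in weights[v].items())
                for a in attackers}
            for v in reports
        }
    unseen = [a for a in attackers if a not in reports[victim]]
    return sorted(((a, score[victim][a]) for a in unseen),
                  key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    for addr, relevance in predictive_blacklist("net_a", REPORTS):
        print(f"{addr:15} {relevance:.3f}")
```

For net_a, the source reported by its closest neighbour (net_b) ranks first, a source two hops away ranks lower, and a source seen only by an unrelated contributor scores zero, which is the difference from a single global worst-offender list.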