Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New DShield Feature: Highly Predictive Blocklists.

Published: 2007-04-17
Last Updated: 2007-04-17 14:38:58 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
I am happy to announce an exciting new feature to DShield submitters. Based on some research done by SRI International, we came up with an algorithm to create better blocklists.

The short one paragraph summary: The algorithm compares your submissions to others and finds groups of similar submitters. Next, it will generate blocklists based on how close you are to these other submitters.

In other simulations, these blocklists have been far superior to regular "global worst offender" or "local worst offender" lists.

For details, see http://www.dshield.org/hpbinfo.html

Keywords:
0 comment(s)
Diary Archives