Publication overview
2022
Limiting the Size of a Predictive Blacklist While Maintaining Sufficient Accuracy
ŠUĽAN, Samuel and Martin HUSÁK
Basic information
Original name
Limiting the Size of a Predictive Blacklist While Maintaining Sufficient Accuracy
Authors
ŠUĽAN, Samuel and Martin HUSÁK
Edition
Vienna, The 17th International Conference on Availability, Reliability and Security (ARES 2022), p. "22:1"-"22:6", 6 pp. 2022
Publisher
ACM
Other information
Language
English
Type of outcome
Proceedings paper
Country of publisher
United States of America
Confidentiality degree
is not subject to a state or trade secret
Publication form
electronic version available online
Marked to be transferred to RIV
Yes
RIV identification code
RIV/00216224:14610/22:00126039
Organization
Ústav výpočetní techniky – Repository – Repository
ISBN
978-1-4503-9670-7
Keywords in English
cybersecurity;blacklist;limitation;prediction
Links
EF16_019/0000822, research and development project.
Changed: 15/5/2024 03:40, RNDr. Daniel Jakubík
Abstract
In the original language
Blacklists (blocklists, denylists) of network entities (e.g., IP addresses, domain names) are popular approaches to preventing cyber attacks. However, the limited capacity of active network defense devices may not hold all the entries on a blacklist. In this paper, we evaluated two strategies to limit the size of a blacklist and their impact on the blacklist's accuracy. The first strategy is setting the maximal size of a blacklist; the second is setting an expiration time to blacklist items. Short-term attack predictions are typically more precise, and, thus, the recent blacklist entries should be more valuable than older ones. Our experiment shows that the blacklists reduced to half of the size via either strategy achieve only a 25% drop in accuracy.