Scientists use Google PageRank and Amazon techniques in predicting attacks

Aug 20, 2009 13:26 GMT

Three scientists at the University of California, Irvine, have been working on a technique called “Predictive Blacklisting” to prevent security attacks before they happen using complex prediction algorithms. As the scientists admitted in their study, the main inspiration for the research was the e-commerce giant Amazon and its book recommendation system.

Fabio Soldo, Anh Le and Athina Markopoulou were inspired by how shoppers visiting Amazon are recommended products similar to their previous purchases. Taking it a step further, the researchers have tried to apply the same principles to predicting security attacks on the Internet.

The technique relies on creating, verifying, sharing and updating blacklists of attack sources, and on blocking the sources placed on them. This will prevent future attacks following the same patterns from striking the same target again.

The researchers tested the system on hundreds of millions of security logs from numerous providers over the course of a month. The results were spectacular: the algorithm improved on the performance of current blacklisting techniques by more than 70 percent.

The “Predictive Blacklisting” algorithm used a technique similar to the Google PageRank method, searching for common patterns, vectors and symptoms in former attacks, then ranking and storing them as signs of a threat. Based on the information acquired, later attacks following those patterns were placed on a blacklist, protecting important equipment and data from any consequences.

“Blacklists essentially attempt to forecast future malicious sources based on past logs. It is desirable that they are predictive, i.e., include many of the malicious sources that will appear in the future and as few false positives as possible. It is also desirable that the blacklist size is short, especially when the blacklist is used online for checking every flow on the fly,” the study said.

Regarding the results and possibilities of the Predictive Blacklisting algorithm, the authors added, “Despite our performance improvement and methodological development over the state-of-the-art, we believe that this work only scratches the surface of the complicated attack prediction problem. Our analysis shows that even larger improvements can be obtained.”
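The recommendation-system idea and the blacklist criteria quoted above (predictive, short) can be shown with a small added example. It is not the researchers' algorithm or code. It assumes a simple neighbourhood-based scheme in which networks with overlapping attackers share time-decayed reports, and every name, weight and log line in it is constructed for illustration.

```python
from collections import defaultdict

# Constructed sample logs (day, victim network, source IP); the addresses are
# from the documentation ranges and do not come from the study.
LOGS = [
    (1, "net-A", "203.0.113.5"), (2, "net-A", "198.51.100.7"),
    (3, "net-A", "198.51.100.9"),
    (1, "net-B", "198.51.100.7"), (2, "net-B", "198.51.100.9"),
    (3, "net-B", "192.0.2.44"),
    (2, "net-C", "203.0.113.80"), (3, "net-C", "203.0.113.81"),
    (4, "net-A", "198.51.100.9"), (4, "net-A", "192.0.2.44"),  # test day
]
DECAY = 0.5  # assumed weight: a report loses half its value per day of age

def history_scores(logs, today):
    """Per victim, score each source by time-decayed reports before `today`."""
    scores = defaultdict(lambda: defaultdict(float))
    for day, victim, src in logs:
        if day < today:
            scores[victim][src] += DECAY ** (today - day)
    return scores

def jaccard(a, b):
    """Overlap of two victims' attacker sets (the 'similar shoppers' signal)."""
    union = set(a) | set(b)
    return len(set(a) & set(b)) / len(union) if union else 0.0

def predict_blacklist(logs, victim, today, size, use_neighbors=True):
    """Return the `size` top-ranked sources predicted to hit `victim` today."""
    scores = history_scores(logs, today)
    ranked = defaultdict(float, scores[victim])
    if use_neighbors:
        for other, seen in scores.items():
            sim = jaccard(scores[victim], seen)
            if other == victim or sim == 0:
                continue
            for src, s in seen.items():
                ranked[src] += sim * s  # neighbour reports, weighted by similarity
    return sorted(ranked, key=lambda src: (-ranked[src], src))[:size]

def hit_count(blacklist, logs, victim, day):
    """Number of blacklisted sources that actually attacked `victim` on `day`."""
    actual = {s for d, v, s in logs if d == day and v == victim}
    return len(actual & set(blacklist))

if __name__ == "__main__":
    for label, flag in (("local history only", False), ("with neighbours", True)):
        bl = predict_blacklist(LOGS, "net-A", today=4, size=3, use_neighbors=flag)
        print(f"{label:20} {bl} hits={hit_count(bl, LOGS, 'net-A', 4)}")
```

With the same three-entry budget, the neighbour-aware list for net-A swaps a stale local entry for a source so far seen only by the similar network net-B, which is the source that shows up on the test day.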