Cyber-TA (http://www.cyber-ta.org) and their Malware Threat Center (http://mtc.sri.com) are great places to keep up on malware and new threats. They're among our most important sources of information, and a group of researchers we rely on very often for great innovations.

They've perfected their Highly Predictive Blacklists in conjunction with ISC and DShield. A paper has been released here: http://www.cyber-ta.org/pubs/hpb.pdf

Essentially, this takes the data submitted to DShield via firewall logs and other sources, massages it, and produces a blacklist for each individual site that is most highly relevant to its exposure and likely sources of attack. Great stuff; it helps keep firewall rulesets and other tools under control. We can't all afford to block every IP that's done anything bad lately, and this makes blocking the most important stuff much more possible.

"Our experiments demonstrate that our Highly Predictive Blacklist algorithm consistently creates firewall filters that are exercised at much higher rates than those from conventional blacklist methods," says Phil Porras, a researcher at SRI.

I highly recommend taking a look at and using the tools available. Great stuff!!

Matt
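To make the difference between a site-specific blacklist and a conventional "worst offenders" list concrete, here is an added illustration; it is not code from the Cyber-TA paper or from DShield. It assumes a simplified one-hop scoring in which another contributor's reports are weighted by how much its attacker set overlaps with yours, and the function names and sample data are hypothetical and constructed for the example.

```python
from collections import defaultdict

# Constructed sample data: contributor -> source IPs seen in its firewall logs.
# Addresses come from the RFC 5737 documentation ranges.
REPORTS = {
    "site_a": {"192.0.2.10", "192.0.2.11"},
    "site_b": {"192.0.2.10", "192.0.2.11", "198.51.100.7"},
    "site_c": {"203.0.113.5"},
    "site_d": {"203.0.113.5"},
    "site_e": {"203.0.113.5", "203.0.113.9"},
}


def global_worst_offenders(reports, exclude=()):
    """Conventional list: rank sources by how many contributors reported them."""
    counts = defaultdict(int)
    for sources in reports.values():
        for src in sources:
            counts[src] += 1
    candidates = [s for s in counts if s not in exclude]
    return sorted(candidates, key=lambda s: (-counts[s], s))


def site_specific_blacklist(reports, site, top_n=2):
    """Rank sources `site` has not seen yet, weighting each report by the
    overlap between the reporter's attacker set and `site`'s own
    (simplified assumption, not the paper's full algorithm)."""
    mine = reports[site]
    score = defaultdict(float)
    for other, sources in reports.items():
        if other == site:
            continue
        union = mine | sources
        # Jaccard overlap: 1.0 = identical attacker sets, 0.0 = nothing shared.
        weight = len(mine & sources) / len(union) if union else 0.0
        for src in sources - mine:
            score[src] += weight
    ranked = sorted(score, key=lambda s: (-score[s], s))
    # Sources reported only by unrelated contributors score 0 and are dropped.
    return [s for s in ranked if score[s] > 0][:top_n]


if __name__ == "__main__":
    print("global :", global_worst_offenders(REPORTS, exclude=REPORTS["site_a"]))
    print("site_a :", site_specific_blacklist(REPORTS, "site_a"))
```

For `site_a`, the global list leads with the address reported by the most contributors, while the site-specific list leads with the address reported by the one contributor that shares `site_a`'s attackers.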