Limiting the Size of a Predictive Blacklist While Maintaining Sufficient Accuracy
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F22%3A00126039" target="_blank" >RIV/00216224:14610/22:00126039 - isvavai.cz</a>
Result on the web
<a href="https://doi.org/10.1145/3538969.3539007" target="_blank" >https://doi.org/10.1145/3538969.3539007</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1145/3538969.3539007" target="_blank" >10.1145/3538969.3539007</a>
Alternative languages
Result language
angličtina
Original language name
Limiting the Size of a Predictive Blacklist While Maintaining Sufficient Accuracy
Original language description
Blacklists (blocklists, denylists) of network entities (e.g., IP addresses, domain names) are popular approaches to preventing cyber attacks. However, the limited capacity of active network defense devices may not hold all the entries on a blacklist. In this paper, we evaluated two strategies to limit the size of a blacklist and their impact on the blacklist's accuracy. The first strategy is setting the maximal size of a blacklist; the second is setting an expiration time to blacklist items. Short-term attack predictions are typically more precise, and, thus, the recent blacklist entries should be more valuable than older ones. Our experiment shows that the blacklists reduced to half of the size via either strategy achieve only a 25% drop in accuracy.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10200 - Computer and information sciences
Result continuities
Project
<a href="/en/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2022
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
The 17th International Conference on Availability, Reliability and Security (ARES 2022)
ISBN
9781450396707
ISSN
—
e-ISSN
—
Number of pages
6
Pages from-to
„22:1“-„22:6“
Publisher name
ACM
Place of publication
Vienna
Event location
Vienna, Austria
Event date
Aug 23, 2022
Type of event by nationality
WRD - Celosvětová akce
UT code for WoS article
001122620500022