scispace - formally typeset
Search or ask a question
Topic

Blacklisting

About: Blacklisting is a research topic. Over the lifetime, 145 publications have been published within this topic receiving 2018 citations. The topic is also known as: blacklist.


Papers
More filters
Proceedings ArticleDOI
14 Mar 2010
TL;DR: The system exploits the observation that attackers often employ simple modifications to URLs to evade blacklisting, and proposes five heuristics to enumerate simple combinations of known phishing sites to discover new phishing URLs.
Abstract: Phishing has been easy and effective way for trickery and deception on the Internet While solutions such as URL blacklisting have been effective to some degree, their reliance on exact match with the blacklisted entries makes it easy for attackers to evade We start with the observation that attackers often employ simple modifications (eg, changing top level domain) to URLs Our system, PhishNet, exploits this observation using two components In the first component, we propose five heuristics to enumerate simple combinations of known phishing sites to discover new phishing URLs The second component consists of an approximate matching algorithm that dissects a URL into multiple components that are matched individually against entries in the blacklist In our evaluation with real-time blacklist feeds, we discovered around 18,000 new phishing URLs from a set of 6,000 new blacklist entries We also show that our approximate matching algorithm leads to very few false positives (3%) and negatives (5%)

367 citations

Journal ArticleDOI
TL;DR: The EU is spinning a global border web with regard to the battle against irregular migration as discussed by the authors, which has been changing the global face of the EU over the last few years, changing the face of Europe as well.
Abstract: Over the last few years, the global face of the EU has been changing. The EU is spinning a global border web with regard to the battle against irregular migration. At the borders of the EU, a power...

310 citations

01 Jan 2008
TL;DR: The highly predictive blacklist (HPB) as mentioned in this paper is a blacklist service that uses a ranking scheme that measures how closely related an attack source is to a blacklist consumer, based on both the attacker's history and the most recent firewall log production pattern of the consumer.
Abstract: We introduce the highly predictive Blacklist (HPB) service, which is now integrated into DShield.org portal [1] The HPB service employs a radically different approach to blacklist formulation than that a contemporary blacklist formulation strategies. At the core of the system is a ranking scheme that measures how closely related an attack source is to a blacklist consumer, based on both the attacker's history and the most recent firewall log production pattern of the consumer. Our objective is to construct a customized blacklist per repository contributor that reflects the most probable set of adresses that may attack the contributor in the near future. We view this service as a first experimental step toward a new direction in high-quality blacklist generation.

184 citations

Journal ArticleDOI
TL;DR: In this paper, the authors argue that public blacklisting by international organizations can be an effective means of bringing about compliance in otherwise recalcitrant states, and examine this contention in light of overlapping campaigns by the Organization for Economic Co-operation and Development and the Financial Action Task Force to pressure targeted states to adopt costly financial reforms.
Abstract: This article argues that public blacklisting by international organizations can be an effective means of bringing about compliance in otherwise recalcitrant states. This contention is examined in light of overlapping campaigns by the Organization for Economic Co-operation and Development and the Financial Action Task Force to pressure targeted states to adopt costly financial reforms. In a constructivist vein, blacklisting is held to be a form of speech act that changed the world by damaging states' reputations among investors, and thus produced pressure to comply through actual or anticipated capital flight. To be removed from blacklists, thereby preventing future economic damage, those targeted have had to comply with stringent regulatory standards mandated by these international organizations. Evidence is taken from interviews, press accounts, official documents and quantitative data relating to seven affected tax havens as well as Austria and Switzerland.

91 citations

Proceedings Article
28 Jul 2008
TL;DR: This paper introduces a blacklisting system based on a relevance ranking scheme borrowed from the link-analysis community that produces customized blacklists for individuals who choose to contribute data to a centralized log-sharing infrastructure.
Abstract: The notion of blacklisting communication sources has been a well-established defensive measure since the origins of the Internet community. In particular, the practice of compiling and sharing lists of the worst offenders of unwanted traffic is a blacklisting strategy that has remained virtually unquestioned over many years. But do the individuals who incorporate such blacklists into their perimeter defenses benefit from the blacklisting contents as much as they could from other list-generation strategies? In this paper, we will argue that there exist better alternative blacklist generation strategies that can produce higher-quality results for an individual network. In particular, we introduce a blacklisting system based on a relevance ranking scheme borrowed from the link-analysis community. The system produces customized blacklists for individuals who choose to contribute data to a centralized log-sharing infrastructure. The ranking scheme measures how closely related an attack source is to a contributor, using that attacker's history and the contributor's recent log production patterns. The blacklisting system also integrates substantive log prefiltering and a severity metric that captures the degree to which an attacker's alert patterns match those of common malware-propagation behavior. Our intent is to yield individualized blacklists that not only produce significantly higher hit rates, but that also incorporate source addresses that pose the greatest potential threat. We tested our scheme on a corpus of over 700 million log entries produced from the DShield data center and the result shows that our blacklists not only enhance hit counts but also can proactively incorporate attacker addresses in a timely fashion. An early form of our system have been fielded to DShield contributors over the last year.

86 citations


Network Information
Related Topics (5)
Authentication
74.7K papers, 867.1K citations
70% related
Voting
33.6K papers, 791.3K citations
68% related
Cryptography
37.3K papers, 854.5K citations
68% related
Social network
42.9K papers, 1.5M citations
67% related
The Internet
213.2K papers, 3.8M citations
67% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
202322
202242
20212
202017
20199
20187