This week we focus on a new interesting concept: predictive blacklisting. Today, blacklists are commonly used to protect against malicious traffic on the Internet : lists of attack sources are compiled and shared.
Here, it means using lists of known and recorded actors who have performed abnormal and/or malicious actions in the past to do attack forecasting. In this way, it’s possible to create a predictive blacklist of an attack that hasn’t yet occurred!
The paper presents the problem of attack source prediction as an implicit recommendation system. In this article, the researchers model the behaviour of attackers using past interactions they have had with their victims, for example. Their goal is to determine which attackers are likely to attack a specific victim in the future.
They then model their predictions to the recommendation problem by transposing the problem of predicting the ranking of articles in classical recommender systems to their input data.
The method shows a significant improvement over existing approaches, which is a big step forward!