Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: New DShield Feature: Highly Predictive Blocklists. - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New DShield Feature: Highly Predictive Blocklists.
I am happy to announce an exciting new feature to DShield submitters. Based on some research done by SRI International, we came up with an algorithm to create better blocklists.

The short one paragraph summary: The algorithm compares your submissions to others and finds groups of similar submitters. Next, it will generate blocklists based on how close you are to these other submitters.

In other simulations, these blocklists have been far superior to regular "global worst offender" or "local worst offender" lists.

For details, see

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4479 Posts
ISC Handler
Apr 17th 2007

Sign Up for Free or Log In to start participating in the conversation!