Researchers look to retail to predict security threats

Security researchers are working on predictive blacklisting' to judge what an attacker is going to do next with malware.

The University of California researchers said that they took their inspiration for the technique from a recent competition by US DVD rental service Netflix, which attempted to improve the accuracy of predicting which movies customers would like based on their existing preferences.

This is also used on e-commerce sites like Amazon, which flags up purchases you might be interested in based on your buying history.

Blacklists to forecast malicious sources are also based on past activity, but accurately predicting online activity such as unwanted web content, spam production and phishing sites was a "complex problem", according to the study.

The researchers have been trying to move blacklisting forward by building on work where Google's PageRank algorithm is used to identify the attacks most likely to target victims.

Using a recommendation system, the researchers studied malicious behaviour at the internet protocol (IP) level, which allowed them to predict future malicious activity on the past more effectively, and then construct predictive blacklists for each victim.

The report said: "We exploit both temporal (attack trends) and spatial (similarity of attackers and victims) features of malicious behaviour."