
behavior blacklisting

Contributor(s): Matthew Haughn

Behavior blacklisting is a security method based on detecting specified suspicious actions on the part of software or human agents and blocking access accordingly. Like behavior whitelisting, behavior blacklisting is used to secure email systems against spam and phishing attempts, to protect websites, services and forums from bots and hackers and to safeguard computers from malware and hacking attempts. Breach detection systems (BDS) also rely on behavior blacklisting to maintain network security.

Content-based filtering and IP-based blacklisting, the two most common methods used to block spam, are becoming less effective as spammers have adapted their own techniques to foil them. Behavior blacklisting can catch a significant percentage of spam missed by those methods. In a behavior-based spam filter, instead of a record of IP addresses to be blocked as known offenders, the software tracks behaviors such as sending patterns. Similarly sent suspected mass mailings are easily blocked. Web crawling bots that may spam or vandalize websites and forums can also be blocked because of their recognizable scripted behaviors. Heuristics-based antivirus systems are essentially a form of behavior blacklisting, helping to detect new threats and especially new variants of existing viruses.
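
As an added illustration (not part of the original definition), the Python sketch below contrasts a static IP blacklist with a behavior rule over constructed mail events: a message fingerprint that reaches too many distinct recipients within a short window is blacklisted regardless of its source IP. The event fields, fingerprint labels and thresholds are assumptions chosen for the example.

```python
from collections import defaultdict, deque

# Constructed sample events: (unix_time, source_ip, message_fingerprint, recipient)
EVENTS = [
    (1000, "198.51.100.7", "fp-newsletter", "alice@example.org"),
    (1002, "203.0.113.10", "fp-offer", "bob@example.org"),
    (1003, "203.0.113.11", "fp-offer", "carol@example.org"),
    (1004, "203.0.113.12", "fp-offer", "dave@example.org"),
    (1005, "192.0.2.55", "fp-invoice", "erin@example.org"),
    (1006, "203.0.113.13", "fp-offer", "frank@example.org"),
    (1300, "198.51.100.7", "fp-newsletter", "bob@example.org"),
]

IP_BLACKLIST = {"203.0.113.10"}  # static list knows only one of the rotating sources
WINDOW_SECONDS = 60              # assumed sliding window
MAX_RECIPIENTS = 2               # assumed limit of distinct recipients per window


def ip_filter(events, blacklist):
    """Return indexes of events blocked by a static IP blacklist."""
    return [i for i, (_, ip, _, _) in enumerate(events) if ip in blacklist]


def behavior_filter(events, window=WINDOW_SECONDS, limit=MAX_RECIPIENTS):
    """Return indexes of events blocked because the same fingerprint reached
    more than `limit` distinct recipients within `window` seconds."""
    recent = defaultdict(deque)  # fingerprint -> deque of (time, recipient)
    blocked_fps = set()          # fingerprints blacklisted for their behavior
    blocked = []
    for i, (ts, _ip, fp, rcpt) in enumerate(events):
        q = recent[fp]
        q.append((ts, rcpt))
        while q and ts - q[0][0] > window:  # drop sends older than the window
            q.popleft()
        if len({r for _, r in q}) > limit:
            blocked_fps.add(fp)
        if fp in blocked_fps:               # once listed, later sends stay blocked
            blocked.append(i)
    return blocked


if __name__ == "__main__":
    print("IP blacklist blocks events:", ip_filter(EVENTS, IP_BLACKLIST))
    print("Behavior rule blocks events:", behavior_filter(EVENTS))
```

The IP list stops only the one source it already knows, while the behavior rule stops the campaign once its sending pattern crosses the threshold and leaves the slowly sent newsletter alone.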

Behavior blacklisting is especially useful on machines that have many required functions and those that are constantly changing; it can take more work to update a whitelist in such variable environments. Nevertheless, the list of allowed software and network behaviors, code executed and email addresses that could be specified on a whitelist is typically shorter than a similar compilation for a blacklist. Behavior blacklisting leaves more capabilities unblocked to begin with, but the blacklist must be kept up to date, and that may require more work in the long run to keep pace with changing IPs, environments and threats.

This was last updated in January 2017
