The Herald of the Siberian State University of Telecommunications and Information Science

Analysis of Traffic Filtering Approaches and the Effectiveness of Blacklisting and Whitelisting

https://doi.org/10.55648/1998-6920-2023-17-1-107-116

Abstract

One of the most common methods for automatically determining the type of content in incoming traffic and restricting it is the use of blacklists and whitelists. Blacklists and whitelists are sets of “trusted” or “untrustworthy” rules for classifying data within information packets, by which unwanted content is filtered. The object of the research is existing traffic, divided into two groups: "True-traffic" and "False-traffic". The number of hits for each traffic unit is determined against the compiled blacklists and whitelists, and this approach to analysis is assessed from those data. With the list of blocked signatures, the number of true blockings is high and the number of false positives is close to zero. However, content filtering can be bypassed with a VPN connection or by starting a proxy server, and blocking does not occur when the resource is moved to another URL. These results were obtained on the cyberpolygon (cyber range) created to study content-filtering tasks.

About the Authors

M. A. Medvedev
Novosibirsk State Technical University (NSTU)
Russian Federation

Mikhail A. Medvedev, Assistant of the Department of Information Security

630073, Novosibirsk, K. Marks Ave., 20

tel. +7 383 346 08 53



I. L. Reva
Novosibirsk State Technical University (NSTU)
Russian Federation

Ivan L. Reva, PhD (Engineering), Associate Professor of the Department of Information Security

630073, Novosibirsk, K. Marks Ave., 20

tel. +7 383 346 08 53



Review

For citations:


Medvedev M.A., Reva I.L. Analysis of Traffic Filtering Approaches and the Effectiveness of Blacklisting and Whitelisting. The Herald of the Siberian State University of Telecommunications and Information Science. 2023;17(1):107-116. (In Russ.) https://doi.org/10.55648/1998-6920-2023-17-1-107-116


This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1998-6920 (Print)