Highly Space Efficient Blacklisting

  • Marián Kühnel
  • Ulrike Meyer
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 299)


Many recent mobile devices have CPU units comparable to desktop computers while the storage capacity they offer is significantly reduced, often by a factor of one hundred. This restriction is crucial for most current blacklisting solutions which have good performance but suffer from large memory consumption. In order to improve the situation, we propose a novel blacklisting solution operating on compressed lists. For compression, we adapt the tabular Quine-McCluskey algorithm based on the concept of reduced masks. This guarantees that the compressed blacklist is never larger than the original one. For l entries in the blacklist and k prime implicants with the highest degree n our optimized top-down reduction algorithm requires at most k + l + 2 n memory instead of kl. Evaluations prove that the space efficient network address blacklisting on compressed data can save up to 74,43% memory space.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brayton, R.K.: Logic minimization algorithms for VLSI synthesis. Kluwer Academic (1984)Google Scholar
  2. 2.
    Chandra, A., Markowsky, G.: On the number of prime implicants. Discrete Mathematics 24, 7–11 (1978)CrossRefzbMATHMathSciNetGoogle Scholar
  3. 3.
    Coudert, O.: Two-level logic minimization: an overview. Integration, the VLSI Journal 17(2), 97–140 (1994)CrossRefzbMATHGoogle Scholar
  4. 4.
    Dagenais, M.R., Agarwal, V.K., Rumin, N.C.: Mcboole: A new procedure for exact logic minimization. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 5(1), 229–238 (1986)CrossRefGoogle Scholar
  5. 5.
    Herrero, A., Zurutuza, U., Corchado, E.: A neural-visualization ids for honeynet data. International Journal of Neural Systems 22(2) (2012)Google Scholar
  6. 6.
    Hlavička, J., Fišer, P.: Boom: A heuristic boolean minimizer. In: Proceedings of the 2001 IEEE/ACM International Conference on Computer-aided Design, pp. 439–442. IEEE (2001)Google Scholar
  7. 7.
    Jain, T.K., Kushwaha, D.S., Misra, A.K.: Optimization of the quine-mccluskey method for the minimization of the boolean expressions. In: Fourth International Conference on Autonomic and Autonomous Systems, ICAS 2008, pp. 165–168. IEEE (2008)Google Scholar
  8. 8.
    NiX Spam project. Dns-based blacklist of nix spam,
  9. 9.
    Quine, W.V.: A way to simplify truth functions. American Mathematical Monthly, 627–631 (1955)Google Scholar
  10. 10.
    Ruiz-Sánchez, M.Á., Biersack, E.W., Dabbous, W.: Survey and taxonomy of ip address lookup algorithms. IEEE Network 15(2), 8–23 (2001)CrossRefGoogle Scholar
  11. 11.
    Thames, L., Abler, R., Keeling, D.: Bit vector algorithms enabling high-speed and memory-efficient firewall blacklisting. In: Proceedings of the 47th Annual Southeast Regional Conference, p. 22. ACM (2009)Google Scholar
  12. 12.
    The Internet Assigned Numbers Authority (IANA). Service name and transport protocol port number registry,
  13. 13.
    Theobald, M., Nowick, S.M., Wu, T.: Espresso-hf: A heuristic hazard-free minimizer for two-level logic. In: Proceedings of the 33rd Annual Design Automation Conference, pp. 71–76. ACM (1996)Google Scholar
  14. 14.
    Ullrich, J.: Dshield global worst offender list,
  15. 15.
    Zhang, J., Porras, P.A., Ullrich, J.: Highly predictive blacklisting. In: USENIX Security Symposium, pp. 107–122. ACM (2008)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.IT Security GroupRWTH Aachen UniversityAachenGermany

Personalised recommendations