Mark Allman, Ethan Blanton, Vern Paxson. An Architecture for Developing Behavioral History. Workshop on Steps to Reduce Unwanted Traffic on the Internet (SRUTI), July 2005.
PS | PDF | Slides


We present an architecture for large-scale sharing of past behavioral patterns about network actors (e.g., hosts or email addresses) in an effort to inform policy decisions about how to treat future interactions. In our system, entities can submit reports of certain observed behavior (particularly attacks) to a distributed database. When deciding whether to provide services to a given actor, users can then consult the database to obtain a global history of the actor's past activity. Three key elements of our system are: (i) we do not require a hard-and-fast notion of identity, (ii) we presume that users make local decisions regarding the reputations developed by the contributors to the system as the basis of the {trust} to place in the information, (iii) we envision enabling witnesses to attest that certain activity was observed \emph{without} requiring the witness to agree as to the behavioral meaning of the activity. We sketch an architecture for such a system that we believe the community could benefit from and collectively build.


