Analysis of Traffic Filtering Approaches and the Effectiveness of Blacklisting and Whitelisting

One of the most common methods for automatically determining the type of content in incoming traffic and limiting it is the system of black and white lists. Blacklists and whitelists are a set of “trusted” or “untrustworthy” rules for classifying data within information packets by which unwanted content is filtered. The object of the research is the existing traffic that will be divided into two groups in the form of "True-traffic" and "False-traffic". According to the compiled black and white lists, the number of hits of each traffic unit is determined and according to these data, an assessment of this approach to analysis is given. In accordance with the list of blocked signatures, the number of true blockings has high positive indicators and the number of false positives is close to zero with a VPN connection and starting a proxy server you can bypass content filtering, with transferring the resource to another URL blocking doesn’t occur, that was revealed on the cyberpolygon created to study the tasks of content filtering.