Confidence factor and IP address reputation

IP address reputation data is evaluated based on the time that the address is seen and on the volume of messages or data. X-Force® categorizes IP address reputation data and assigns a confidence factor value from 0 to 100, where 0 represents no confidence and 100 represents certainty. For example, X-Force might categorize a source IP address as a scanning IP with a confidence factor of 75, which is a moderately high level of confidence.

Determining a threshold

As an example, for spam messages, an IP address reputation entry of 0 indicates that the source IP traffic is not spam, whereas an entry of 100 indicates definite spam traffic. Thus, values less than 50 indicate a lower probability that the message is spam, and values greater than 50 indicate a higher probability that the message is spam. A value of 50 or higher is the threshold where you might consider action on a triggered rule.

These probabilities are based on ongoing web-based data that IBM® Security X-Force Threat Intelligence continuously collects and analyzes from around the world in X-Force data centers. As data is collected, the system evaluates how much spam is received from a particular IP address, or how frequently the flagged IP address is in the IP address reputation category. The more often this occurs, the higher the system scores the confidence factor.
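
The threshold decision from "Determining a threshold", shown as an added example that is not IBM or QRadar code. The reputation entries, category labels, and function names are constructed for illustration, and the check assumes that a value outside 0 to 100 is malformed and must not trigger action.

```python
# Constructed sample reputation entries (not real X-Force data): (source IP, category, confidence).
SAMPLE_ENTRIES = [
    ("192.0.2.10", "Spam", 0),
    ("192.0.2.11", "Spam", 35),
    ("198.51.100.7", "Spam", 50),
    ("198.51.100.8", "Scanning IP", 75),
    ("203.0.113.5", "Spam", 100),
    ("203.0.113.6", "Spam", 140),  # malformed on purpose: outside 0-100
]


def is_valid_confidence(value):
    """A confidence factor is an integer from 0 (no confidence) to 100 (certainty)."""
    return isinstance(value, int) and not isinstance(value, bool) and 0 <= value <= 100


def triage(entries, category, threshold=50):
    """Split entries of one category into actionable, below-threshold and rejected IPs."""
    if not is_valid_confidence(threshold):
        raise ValueError("threshold must be an integer from 0 to 100")
    actionable, below, rejected = [], [], []
    for ip, entry_category, confidence in entries:
        if entry_category != category:
            continue  # a rule for one category ignores entries of another
        if not is_valid_confidence(confidence):
            rejected.append(ip)  # never act on a value outside the documented scale
        elif confidence >= threshold:
            actionable.append(ip)  # "50 or higher" with the default threshold
        else:
            below.append(ip)
    return actionable, below, rejected


def sweep(entries, category, thresholds):
    """Count actionable IPs per candidate threshold to show the tuning trade-off."""
    return {t: len(triage(entries, category, t)[0]) for t in thresholds}


if __name__ == "__main__":
    print(triage(SAMPLE_ENTRIES, "Spam"))
    print(sweep(SAMPLE_ENTRIES, "Spam", [25, 50, 75]))
```

Running the sweep before settling on a rule threshold shows how many sources each candidate value would flag, which makes the false-positive cost of a lower threshold visible.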