Best paper award for analysis of a decade of malware reports
The research suggests that common blacklist-based prevention systems are ineffective.
Muhammad Ikram, a joint postdoc in the labs of Prof. Roya Ensafi and Prof. Dali Kaafar at Macquarie University in Australia, received the Best Paper Award at AsiaCCS 2019 along with collaborators. The team analyzed over a decade of malicious internet activity to determine whether the blacklist approach to suspicious IP addresses is truly the most effective.
The main contributions of the paper are a novel means of collecting malicious activity reports, a machine learning approach to classifying reported activities, and an analysis of mal-activity reporting behavior over a decade’s worth of data. The researchers’ analysis shows that some classes of mal-activities (like phishing) and a small number of mal-activity sources are persistent, suggesting that blacklist-based prevention systems are either ineffective or have unreasonably long update periods. The analysis also indicates that resources can be better utilized by focusing on heavy mal-activity contributors, which account for the bulk of mal-activities.