UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Waves of Malice: A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web

Ife, CC; Shen, Y; Murdoch, S; Stringhini, G; (2019) Waves of Malice: A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web. In: Galbraith, Steven and Russello, Giovanni and Susilo, Willy, (eds.) The Proceedings of the ACM ASIA Conference on Computer and Communications Security - Asia CCS '19. (pp. pp. 168-180). Association for Computing Machinery: New York, NY, USA. Green open access

[thumbnail of Murdoch_Waves of Malice. A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web_AAM.pdf]
Preview
Text
Murdoch_Waves of Malice. A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web_AAM.pdf - Accepted version

Download (831kB) | Preview

Abstract

We present a longitudinal measurement of malicious file distribution on the Web. Following a data-driven approach, we identify network infrastructures and the files that they download. We then study their characteristics over a short period (one day), over a medium period (daily, over one month) as well as in the long term (weekly, over one year). This analysis offers us an unprecedented view of the malicious file delivery ecosystem and its dynamics. We find that the malicious file delivery landscape can be divided into two distinct ecosystems: a much larger, tightly connected set of networks that is mostly responsible for the delivery of potentially unwanted programs (PUP), and a number of disjoint network infrastructures that are responsible for delivering malware on victim computers. We find that these two ecosystems are mostly disjoint, but it is not uncommon to see malware downloaded from the PUP Ecosystem, and vice versa. We estimate the proportions of PUP- to-malware in the wild to be heavily skewed towards PUP (17:2) and compare their distribution patterns. We observe periodicity in the activity of malicious network infrastructures, and we find that although malicious file operations present a high degree of volatility, 75% of the observed malicious networks remain active for more than six weeks, with 26% surviving for an entire year. We then reason on how our findings can help the research and law enforcement communities in developing better takedown techniques.

Type: Proceedings paper
Title: Waves of Malice: A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web
Event: ACM ASIA Conference on Computer and Communications Security - 2019
Location: Auckland, New Zealand
Dates: 07 July 2019 - 12 July 2019
ISBN-13: 978-1-4503-6752-3
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/3321705.3329807
Publisher version: https://doi.org/10.1145/3321705.3329807
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/10073742
Downloads since deposit
78Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item