Ife, CC;
Shen, Y;
Murdoch, S;
Stringhini, G;
(2019)
Waves of Malice: A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web.
In: Galbraith, Steven and Russello, Giovanni and Susilo, Willy, (eds.)
The Proceedings of the ACM ASIA Conference on Computer and Communications Security - Asia CCS '19.
(pp. pp. 168-180).
Association for Computing Machinery: New York, NY, USA.
Preview |
Text
Murdoch_Waves of Malice. A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web_AAM.pdf - Accepted Version Download (831kB) | Preview |
Abstract
We present a longitudinal measurement of malicious file distribution on the Web. Following a data-driven approach, we identify network infrastructures and the files that they download. We then study their characteristics over a short period (one day), over a medium period (daily, over one month) as well as in the long term (weekly, over one year). This analysis offers us an unprecedented view of the malicious file delivery ecosystem and its dynamics. We find that the malicious file delivery landscape can be divided into two distinct ecosystems: a much larger, tightly connected set of networks that is mostly responsible for the delivery of potentially unwanted programs (PUP), and a number of disjoint network infrastructures that are responsible for delivering malware on victim computers. We find that these two ecosystems are mostly disjoint, but it is not uncommon to see malware downloaded from the PUP Ecosystem, and vice versa. We estimate the proportions of PUP- to-malware in the wild to be heavily skewed towards PUP (17:2) and compare their distribution patterns. We observe periodicity in the activity of malicious network infrastructures, and we find that although malicious file operations present a high degree of volatility, 75% of the observed malicious networks remain active for more than six weeks, with 26% surviving for an entire year. We then reason on how our findings can help the research and law enforcement communities in developing better takedown techniques.
| Type: | Proceedings paper |
|---|---|
| Title: | Waves of Malice: A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web |
| Event: | ACM ASIA Conference on Computer and Communications Security - 2019 |
| Location: | Auckland, New Zealand |
| Dates: | 07 July 2019 - 12 July 2019 |
| ISBN-13: | 978-1-4503-6752-3 |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1145/3321705.3329807 |
| Publisher version: | https://doi.org/10.1145/3321705.3329807 |
| Language: | English |
| Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10073742 |
Archive Staff Only
 |
View Item |
