{"id":"https://openalex.org/W2941041872","doi":"https://doi.org/10.1145/3321705.3329834","title":"A Decade of Mal-Activity Reporting","display_name":"A Decade of Mal-Activity Reporting","publication_year":2019,"publication_date":"2019-07-02","ids":{"openalex":"https://openalex.org/W2941041872","doi":"https://doi.org/10.1145/3321705.3329834","mag":"2941041872"},"language":"en","primary_location":{"id":"doi:10.1145/3321705.3329834","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3321705.3329834","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016670591","display_name":"Benjamin Zi Hao Zhao","orcid":"https://orcid.org/0000-0002-2774-2675"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Benjamin Zi Hao Zhao","raw_affiliation_strings":["University of New South Wales &amp; Data61, CSIRO, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"University of New South Wales &amp; Data61, CSIRO, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I31746571","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085746400","display_name":"Muhammad Ikram","orcid":"https://orcid.org/0000-0003-2113-3390"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]},{"id":"https://openalex.org/I99043593","display_name":"Macquarie University","ror":"https://ror.org/01sf06y89","country_code":"AU","type":"education","lineage":["https://openalex.org/I99043593"]}],"countries":["AU","US"],"is_corresponding":false,"raw_author_name":"Muhammad Ikram","raw_affiliation_strings":["Macquarie University &amp; University of Michigan, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"Macquarie University &amp; University of Michigan, Sydney, Australia","institution_ids":["https://openalex.org/I99043593","https://openalex.org/I27837315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049859678","display_name":"Hassan Jameel Asghar","orcid":"https://orcid.org/0000-0001-6168-6497"},"institutions":[{"id":"https://openalex.org/I99043593","display_name":"Macquarie University","ror":"https://ror.org/01sf06y89","country_code":"AU","type":"education","lineage":["https://openalex.org/I99043593"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Hassan Jameel Asghar","raw_affiliation_strings":["Macquarie University, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"Macquarie University, Sydney, Australia","institution_ids":["https://openalex.org/I99043593"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040251515","display_name":"Mohamed Ali K\u00e2afar","orcid":"https://orcid.org/0000-0003-2714-0276"},"institutions":[{"id":"https://openalex.org/I99043593","display_name":"Macquarie University","ror":"https://ror.org/01sf06y89","country_code":"AU","type":"education","lineage":["https://openalex.org/I99043593"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Mohamed Ali Kaafar","raw_affiliation_strings":["Macquarie University, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"Macquarie University, Sydney, Australia","institution_ids":["https://openalex.org/I99043593"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009151165","display_name":"Abdelberi Chaabane","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Abdelberi Chaabane","raw_affiliation_strings":["No Affiliation, Paris, France"],"affiliations":[{"raw_affiliation_string":"No Affiliation, Paris, France","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073287852","display_name":"Kanchana Thilakarathna","orcid":"https://orcid.org/0000-0003-4332-0082"},"institutions":[{"id":"https://openalex.org/I129604602","display_name":"University of Sydney","ror":"https://ror.org/0384j8v12","country_code":"AU","type":"education","lineage":["https://openalex.org/I129604602"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Kanchana Thilakarathna","raw_affiliation_strings":["The University of Sydney, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"The University of Sydney, Sydney, Australia","institution_ids":["https://openalex.org/I129604602"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5016670591"],"corresponding_institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I31746571","https://openalex.org/I42894916"],"apc_list":null,"apc_paid":null,"fwci":1.7684,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.8599272,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"193","last_page":"205"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/blacklist","display_name":"Blacklist","score":0.9538620114326477},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.6443979740142822},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6107058525085449},{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.593513548374176},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.5533099174499512},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5061752200126648},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.4993019104003906},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.484224796295166},{"id":"https://openalex.org/keywords/blacklisting","display_name":"Blacklisting","score":0.43664222955703735},{"id":"https://openalex.org/keywords/learning-classifier-system","display_name":"Learning classifier system","score":0.4271659255027771},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3587656617164612},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2777246832847595},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.12069869041442871}],"concepts":[{"id":"https://openalex.org/C2781345505","wikidata":"https://www.wikidata.org/wiki/Q2535979","display_name":"Blacklist","level":2,"score":0.9538620114326477},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.6443979740142822},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6107058525085449},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.593513548374176},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.5533099174499512},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5061752200126648},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.4993019104003906},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.484224796295166},{"id":"https://openalex.org/C2779797433","wikidata":"https://www.wikidata.org/wiki/Q632959","display_name":"Blacklisting","level":2,"score":0.43664222955703735},{"id":"https://openalex.org/C199190896","wikidata":"https://www.wikidata.org/wiki/Q3509276","display_name":"Learning classifier system","level":3,"score":0.4271659255027771},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3587656617164612},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2777246832847595},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.12069869041442871},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3321705.3329834","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3321705.3329834","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Partnerships for the goals","score":0.49000000953674316,"id":"https://metadata.un.org/sdg/17"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W22566950","https://openalex.org/W1775772884","https://openalex.org/W1916198581","https://openalex.org/W1954903228","https://openalex.org/W1975219037","https://openalex.org/W1980003963","https://openalex.org/W1981294881","https://openalex.org/W1985683032","https://openalex.org/W2026621111","https://openalex.org/W2049645248","https://openalex.org/W2069620139","https://openalex.org/W2070226850","https://openalex.org/W2084321021","https://openalex.org/W2100765095","https://openalex.org/W2101234009","https://openalex.org/W2114250523","https://openalex.org/W2119971988","https://openalex.org/W2127935984","https://openalex.org/W2130850880","https://openalex.org/W2134385885","https://openalex.org/W2162101611","https://openalex.org/W2551244268","https://openalex.org/W2604422183","https://openalex.org/W2614419969","https://openalex.org/W2727710601","https://openalex.org/W2748868501","https://openalex.org/W2775084859","https://openalex.org/W2962795608","https://openalex.org/W2963779160","https://openalex.org/W2997591727"],"related_works":["https://openalex.org/W2933056782","https://openalex.org/W4281884841","https://openalex.org/W1593211785","https://openalex.org/W3207470445","https://openalex.org/W2183312460","https://openalex.org/W4313492216","https://openalex.org/W3215769141","https://openalex.org/W2794575345","https://openalex.org/W4375830807","https://openalex.org/W2982309254"],"abstract_inverted_index":{"This":[0],"paper":[1,162],"focuses":[2],"on":[3,242],"reporting":[4,190],"of":[5,19,24,37,44,106,115,135,160,167,180,188,203,211,250],"Internet":[6,88],"malicious":[7],"activity":[8],"(or":[9],"mal-activity":[10,62,189,212,244],"in":[11],"short)":[12],"by":[13,193,240],"public":[14,81,121],"blacklists":[15],"with":[16,94,170],"the":[17,30,35,48,71,92,111,131,161,181,248],"objective":[18],"providing":[20],"a":[21,125,164,171,208],"systematic":[22],"characterization":[23,179],"what":[25],"has":[26],"been":[27],"reported":[28,38,177],"over":[29],"years,":[31],"and":[32,78,87,104,207],"more":[33,58],"importantly,":[34,185],"evolution":[36],"activities.":[39],"Using":[40],"an":[41],"initial":[42],"seed":[43],"22":[45],"blacklists,":[46],"covering":[47],"period":[49],"from":[50,120],"January":[51],"2007":[52],"to":[53,123,129,175],"June":[54],"2017,":[55],"we":[56,90,109],"collect":[57],"than":[59],"51":[60],"million":[61,117,137],"reports":[63,77],"involving":[64],"662K":[65],"unique":[66,146],"IP":[67],"addresses":[68],"worldwide.":[69],"Leveraging":[70],"Wayback":[72],"Machine,":[73],"antivirus":[74],"(AV)":[75],"tool":[76],"several":[79],"additional":[80,141],"datasets":[82],"(e.g.,":[83,205],"BGP":[84],"Route":[85],"Views":[86],"registries)":[89],"enrich":[91],"data":[93],"historical":[95],"meta-information":[96],"including":[97],"geo-locations":[98],"(countries),":[99],"autonomous":[100],"system":[101],"(AS)":[102],"numbers":[103],"types":[105],"mal-activity.":[107],"Furthermore,":[108],"use":[110],"initially":[112],"labelled":[113],"dataset":[114,134,148,182],"~1.57":[116],"mal-activities":[118,138,204],"(obtained":[119],"blacklists)":[122],"train":[124],"machine":[126,172],"learning":[127,173],"classifier":[128],"classify":[130,176],"remaining":[132],"unlabeled":[133],"~44":[136],"obtained":[139],"through":[140],"sources.":[142],"We":[143],"make":[144],"our":[145,197],"collected":[147],"(and":[149],"scripts":[150],"used)":[151],"publicly":[152],"available":[153],"for":[154],"further":[155],"research.":[156],"The":[157],"main":[158],"contributions":[159],"are":[163,214,222],"novel":[165],"means":[166],"report":[168],"collection,":[169],"approach":[174],"activities,":[178],"and,":[183],"most":[184],"temporal":[186],"analysis":[187,198,231],"behavior.":[191],"Inspired":[192],"P2P":[194],"behavior":[195],"modeling,":[196],"shows":[199],"that":[200,217,234],"some":[201],"classes":[202],"phishing)":[206],"small":[209],"number":[210],"sources":[213],"persistent,":[215],"suggesting":[216],"either":[218],"blacklist-based":[219],"prevention":[220],"systems":[221],"ineffective":[223],"or":[224],"have":[225],"unreasonably":[226],"long":[227],"update":[228],"periods.":[229],"Our":[230],"also":[232],"indicates":[233],"resources":[235],"can":[236],"be":[237],"better":[238],"utilized":[239],"focusing":[241],"heavy":[243],"contributors,":[245],"which":[246],"constitute":[247],"bulk":[249],"mal-activities.":[251]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":7}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}