{"id":"https://openalex.org/W4402957852","doi":"https://doi.org/10.1145/3678890.3678925","title":"Blocklist-Forecast: Proactive Domain Blocklisting by Identifying Malicious Hosting Infrastructure","display_name":"Blocklist-Forecast: Proactive Domain Blocklisting by Identifying Malicious Hosting Infrastructure","publication_year":2024,"publication_date":"2024-09-29","ids":{"openalex":"https://openalex.org/W4402957852","doi":"https://doi.org/10.1145/3678890.3678925"},"language":"en","primary_location":{"id":"doi:10.1145/3678890.3678925","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678925","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3678890.3678925","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5064731139","display_name":"Udesh Kumarasinghe","orcid":"https://orcid.org/0000-0002-3836-7495"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Udesh Kumarasinghe","raw_affiliation_strings":["Purdue University, USA"],"affiliations":[{"raw_affiliation_string":"Purdue University, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033996366","display_name":"Mohamed Nabeel","orcid":"https://orcid.org/0000-0003-3502-9914"},"institutions":[{"id":"https://openalex.org/I4210108451","display_name":"Palo Alto Networks (United States)","ror":"https://ror.org/01rn6rn86","country_code":"US","type":"company","lineage":["https://openalex.org/I4210108451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mohamed Nabeel","raw_affiliation_strings":["Palo Alto Networks, USA"],"affiliations":[{"raw_affiliation_string":"Palo Alto Networks, USA","institution_ids":["https://openalex.org/I4210108451"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5023814465","display_name":"Charitha Elvitigala","orcid":"https://orcid.org/0000-0002-5923-4341"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Charitha Elvitigala","raw_affiliation_strings":["C2SI, Sri Lanka"],"affiliations":[{"raw_affiliation_string":"C2SI, Sri Lanka","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5064731139"],"corresponding_institution_ids":["https://openalex.org/I219193219"],"apc_list":null,"apc_paid":null,"fwci":1.0958,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.79381443,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"35","last_page":"48"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7277839183807373},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.6037386059761047},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5350497961044312},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.47333911061286926},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3674892783164978}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7277839183807373},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.6037386059761047},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5350497961044312},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.47333911061286926},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3674892783164978},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3678890.3678925","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678925","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3678890.3678925","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678925","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.550000011920929}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W2004044843","https://openalex.org/W2082550445","https://openalex.org/W2102475112","https://openalex.org/W2533677686","https://openalex.org/W2743104969","https://openalex.org/W2804240301","https://openalex.org/W2806944993","https://openalex.org/W2891316582","https://openalex.org/W2907492528","https://openalex.org/W2962756421","https://openalex.org/W2963919031","https://openalex.org/W2990619902","https://openalex.org/W2995462150","https://openalex.org/W2997591727","https://openalex.org/W3034233059","https://openalex.org/W3038175633","https://openalex.org/W3087318471","https://openalex.org/W3157391927","https://openalex.org/W4226062740","https://openalex.org/W4294791300","https://openalex.org/W4308632305","https://openalex.org/W4389628379"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W4242728933","https://openalex.org/W2493430149","https://openalex.org/W3088911518","https://openalex.org/W4385250032"],"abstract_inverted_index":{"Domain":[0],"blocklists":[1,14,42],"play":[2],"an":[3],"important":[4],"role":[5],"in":[6,17,57,118,141,196,269],"blocking":[7],"malicious":[8,75,83,92,123,153,168,190,207,239,244,263],"domains":[9,76,84,93,117,124,140,169,240,264],"reaching":[10],"users.":[11],"However,":[12],"existing":[13,41],"are":[15,144,266,271],"reactive":[16,87,127],"nature":[18],"and":[19,43,163,182,204,224],"slow":[20],"to":[21,23,37,59,115,130,150,188,279],"react":[22],"attacks,":[24,101],"by":[25],"which":[26],"time":[27],"the":[28,38,55,71,96,119,131,142,157,175,256],"damage":[29],"is":[30,34,64,148,194],"already":[31],"caused.":[32],"This":[33],"mainly":[35],"due":[36],"fact":[39],"that":[40,91,161,197,259,265],"reputation":[44],"systems":[45],"rely":[46],"on":[47],"either":[48],"website":[49,63],"content":[50],"or":[51,103],"user":[52],"interactions":[53],"with":[54,156,201],"websites":[56],"order":[58],"ascertain":[60],"if":[61],"a":[62,79,178,184,247],"malicious.":[65,145],"In":[66],"this":[67,107],"work,":[68],"we":[69,109,159,254],"explore":[70],"possibility":[72],"of":[73,82,121,134,251,261],"predicting":[74],"proactively,":[77],"given":[78],"seed":[80,122,243],"list":[81],"from":[85,126,170,218],"such":[86,139],"blocklists.":[88,128],"We":[89,173,209],"observe":[90,255],"often":[94],"share":[95],"infrastructure":[97,176],"utilized":[98],"for":[99,233,241],"previous":[100],"reuse":[102],"rotate":[104],"resources.":[105],"Leveraging":[106],"observation,":[108],"selectively":[110],"crawl":[111],"passive":[112],"DNS":[113],"data":[114,217],"identify":[116,151,160],"\"neighborhood\"":[120],"extracted":[125],"Due":[129],"increased":[132],"utilization":[133],"cloud":[135],"hosting,":[136],"not":[137],"all":[138],"neighborhood":[143],"Further":[146],"vetting":[147],"required":[149],"unseen":[152,238],"domains.":[154,191,208],"Along":[155],"proximity,":[158],"hosting":[162],"lexical":[164],"features":[165],"help":[166],"distinguish":[167],"benign":[171],"ones.":[172],"model":[174,283],"as":[177],"heterogeneous":[179],"network":[180,187],"graph":[181,185],"design":[183],"neural":[186],"detect":[189,205],"Our":[192,226],"approach":[193,212,232],"blocklist-agnostic":[195],"it":[198],"can":[199],"work":[200],"any":[202],"blocklist":[203],"new":[206],"demonstrate":[210],"our":[211,231,282],"utilizing":[213],"7":[214],"month":[215],"longitudinal":[216],"three":[219],"popular":[220],"blocklists,":[221],"PhishTank,":[222],"OpenPhish,":[223],"VirusTotal.":[225],"experimental":[227],"results":[228],"show":[229],"that,":[230],"VirusTotal":[234,270],"feed":[235],"detects":[236,284],"4.7":[237],"every":[242],"domain":[245],"at":[246],"very":[248],"low":[249],"FPR":[250],"0.059.":[252],"Further,":[253],"concerning":[257],"trend":[258],"47%":[260],"predicted":[262],"later":[267],"flagged":[268],"identified":[272],"only":[273],"after":[274],"more":[275],"than":[276],"3":[277],"weeks":[278],"months":[280],"since":[281],"them.":[285]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2025-12-27T23:08:20.325037","created_date":"2025-10-10T00:00:00"}