{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T07:15:12Z","timestamp":1771485312172,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":64,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,7,2]],"date-time":"2019-07-02T00:00:00Z","timestamp":1562025600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,7,2]]},"DOI":"10.1145\/3321705.3329834","type":"proceedings-article","created":{"date-parts":[[2019,7,9]],"date-time":"2019-07-09T12:53:20Z","timestamp":1562676800000},"page":"193-205","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["A Decade of Mal-Activity Reporting"],"prefix":"10.1145","author":[{"given":"Benjamin Zi Hao","family":"Zhao","sequence":"first","affiliation":[{"name":"University of New South Wales & Data61, CSIRO, Sydney, Australia"}]},{"given":"Muhammad","family":"Ikram","sequence":"additional","affiliation":[{"name":"Macquarie University & University of Michigan, Sydney, Australia"}]},{"given":"Hassan Jameel","family":"Asghar","sequence":"additional","affiliation":[{"name":"Macquarie University, Sydney, Australia"}]},{"given":"Mohamed Ali","family":"Kaafar","sequence":"additional","affiliation":[{"name":"Macquarie University, Sydney, Australia"}]},{"given":"Abdelberi","family":"Chaabane","sequence":"additional","affiliation":[{"name":"No Affiliation, Paris, France"}]},{"given":"Kanchana","family":"Thilakarathna","sequence":"additional","affiliation":[{"name":"The University of Sydney, Sydney, Australia"}]}],"member":"320","published-online":{"date-parts":[[2019,7,2]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"360mirascanner dataset. http:\/\/data.netlab.360.com\/mirai-scanner\/.  360mirascanner dataset. http:\/\/data.netlab.360.com\/mirai-scanner\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Android Malware Tracker. https:\/\/amtrckr.info.  Android Malware Tracker. https:\/\/amtrckr.info."},{"key":"e_1_3_2_1_3_1","unstructured":"AS Rank: AS Ranking - CAIDA. http:\/\/as-rank.caida.org.  AS Rank: AS Ranking - CAIDA. http:\/\/as-rank.caida.org."},{"key":"e_1_3_2_1_4_1","unstructured":"CIPB - Allocation of IP addresses by Country. https:\/\/www.countryipblocks.net\/ allocation-of-ip-addresses-by-country.php.  CIPB - Allocation of IP addresses by Country. https:\/\/www.countryipblocks.net\/ allocation-of-ip-addresses-by-country.php."},{"key":"e_1_3_2_1_5_1","unstructured":"CruzIT.com Server Blocklist. http:\/\/www.cruzit.com\/wbl.php.  CruzIT.com Server Blocklist. http:\/\/www.cruzit.com\/wbl.php."},{"key":"e_1_3_2_1_6_1","unstructured":"Cybercrime blacklist. http:\/\/cybercrime-tracker.net\/.  Cybercrime blacklist. http:\/\/cybercrime-tracker.net\/."},{"key":"e_1_3_2_1_7_1","unstructured":"Dshield list. https:\/\/www.dshield.org\/suspicious_domains.html.  Dshield list. https:\/\/www.dshield.org\/suspicious_domains.html."},{"key":"e_1_3_2_1_8_1","unstructured":"Feodo botnet tracker. https:\/\/feodotracker.abuse.ch\/.  Feodo botnet tracker. https:\/\/feodotracker.abuse.ch\/."},{"key":"e_1_3_2_1_9_1","unstructured":"Financial Cyber Threats in 2013. Part 1: Phishing. https:\/\/securelist.com\/financial-cyber-threats-in-2013-part-1-phishing\/59411\/.  Financial Cyber Threats in 2013. Part 1: Phishing. https:\/\/securelist.com\/financial-cyber-threats-in-2013-part-1-phishing\/59411\/."},{"key":"e_1_3_2_1_10_1","unstructured":"GeoIP Products--MaxMind Developer Site. http:\/\/dev.maxmind.com\/geoip\/.  GeoIP Products--MaxMind Developer Site. http:\/\/dev.maxmind.com\/geoip\/."},{"key":"e_1_3_2_1_11_1","unstructured":"h3x -- Malware Corpus Tracker. https:\/\/tracker.h3x.eu.  h3x -- Malware Corpus Tracker. https:\/\/tracker.h3x.eu."},{"key":"e_1_3_2_1_12_1","unstructured":"hphosts lists. https:\/\/www.hosts-file.net\/.  hphosts lists. https:\/\/www.hosts-file.net\/."},{"key":"e_1_3_2_1_13_1","unstructured":"Internet archive: Wayback machine. https:\/\/archive.org\/web\/.  Internet archive: Wayback machine. https:\/\/archive.org\/web\/."},{"key":"e_1_3_2_1_14_1","unstructured":"malc0de blacklist. http:\/\/malc0de.com\/database\/.  malc0de blacklist. http:\/\/malc0de.com\/database\/."},{"key":"e_1_3_2_1_15_1","unstructured":"Malware domain list. https:\/\/www.malwaredomainlist.com\/.  Malware domain list. https:\/\/www.malwaredomainlist.com\/."},{"key":"e_1_3_2_1_16_1","unstructured":"MalwareBlackList. http:\/\/www.malwareblacklist.com\/showMDL.php.  MalwareBlackList. http:\/\/www.malwareblacklist.com\/showMDL.php."},{"key":"e_1_3_2_1_17_1","unstructured":"Malwareurl dataset. https:\/\/www.malwareurl.com\/. The dataset is no longer publicly available access via wayback machine.  Malwareurl dataset. https:\/\/www.malwareurl.com\/. The dataset is no longer publicly available access via wayback machine."},{"key":"e_1_3_2_1_18_1","unstructured":"Openphish dataset. https:\/\/openphish.com\/.  Openphish dataset. https:\/\/openphish.com\/."},{"key":"e_1_3_2_1_19_1","unstructured":"Palevotracker dataset. https:\/\/web.archive.org\/web\/*\/http:\/\/palevotracker.abuse.ch\/. Currently discontinued pre-2017 access through Wayback Machine.  Palevotracker dataset. https:\/\/web.archive.org\/web\/*\/http:\/\/palevotracker.abuse.ch\/. Currently discontinued pre-2017 access through Wayback Machine."},{"key":"e_1_3_2_1_20_1","unstructured":"Phishtank: Out of the net into the tank. https:\/\/www.phishtank.com\/.  Phishtank: Out of the net into the tank. https:\/\/www.phishtank.com\/."},{"key":"e_1_3_2_1_21_1","unstructured":"Potaroo: BGP Reports. http:\/\/bgp.potaroo.net\/as1221\/.  Potaroo: BGP Reports. http:\/\/bgp.potaroo.net\/as1221\/."},{"key":"e_1_3_2_1_22_1","unstructured":"Ransomeware tracker list. https:\/\/ransomwaretracker.abuse.ch\/.  Ransomeware tracker list. https:\/\/ransomwaretracker.abuse.ch\/."},{"key":"e_1_3_2_1_23_1","unstructured":"Route views project. http:\/\/www.routeviews.org\/.  Route views project. http:\/\/www.routeviews.org\/."},{"key":"e_1_3_2_1_24_1","unstructured":"Sambreel is Still Injecting Ads. Video Advertisers Beware. http:\/\/spider.io\/blog\/2013\/08\/sambreel-is-still-injecting-ads-video-advertisers-beware.  Sambreel is Still Injecting Ads. Video Advertisers Beware. http:\/\/spider.io\/blog\/2013\/08\/sambreel-is-still-injecting-ads-video-advertisers-beware."},{"key":"e_1_3_2_1_25_1","unstructured":"Shodan. https:\/\/www.shodan.io.  Shodan. https:\/\/www.shodan.io."},{"key":"e_1_3_2_1_26_1","unstructured":"Spamhaus feeds. https:\/\/www.spamhaus.org\/.  Spamhaus feeds. https:\/\/www.spamhaus.org\/."},{"key":"e_1_3_2_1_27_1","unstructured":"Spyeye dataset. https:\/\/web.archive.org\/web\/*\/https:\/\/spyeyetracker.abuse.ch\/. Currently discontinued pre-2018 access through Wayback Machine.  Spyeye dataset. https:\/\/web.archive.org\/web\/*\/https:\/\/spyeyetracker.abuse.ch\/. Currently discontinued pre-2018 access through Wayback Machine."},{"key":"e_1_3_2_1_28_1","unstructured":"SSLBL Blacklist. https:\/\/sslbl.abuse.ch\/.  SSLBL Blacklist. https:\/\/sslbl.abuse.ch\/."},{"key":"e_1_3_2_1_29_1","unstructured":"Urlquery dataset. https:\/\/urlquery.net\/.  Urlquery dataset. https:\/\/urlquery.net\/."},{"key":"e_1_3_2_1_30_1","unstructured":"VirusTotal. https:\/\/www.virustotal.com\/.  VirusTotal. https:\/\/www.virustotal.com\/."},{"key":"e_1_3_2_1_31_1","unstructured":"Webiron blacklist. https:\/\/www.webiron.com\/rbl.html.  Webiron blacklist. https:\/\/www.webiron.com\/rbl.html."},{"key":"e_1_3_2_1_32_1","unstructured":"Zeustracker dataset. https:\/\/zeustracker.abuse.ch\/.  Zeustracker dataset. https:\/\/zeustracker.abuse.ch\/."},{"key":"e_1_3_2_1_33_1","volume-title":"USENIX Security","author":"Antonakakis M.","year":"2017","unstructured":"Antonakakis , M. , April , T. , Bailey , M. , Bernhard , M. , Bursztein , E. , Cochran , J. , Durumeric , Z. , Halderman , J. A. , Invernizzi , L. , Kallitsis , M. , Kumar , D. , Lever , C. , Ma , Z. , Mason , J. , Menscher , D. , Seaman , C. , Sullivan , N. , Thomas , K. , and Zhou , Y . Understanding the mirai botnet . In USENIX Security ( 2017 ). Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J. A., Invernizzi, L., Kallitsis, M., Kumar, D., Lever, C., Ma, Z., Mason, J., Menscher, D., Seaman, C., Sullivan, N., Thomas, K., and Zhou, Y. Understanding the mirai botnet. In USENIX Security (2017)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2009.56"},{"key":"e_1_3_2_1_35_1","volume-title":"NDSS","author":"Bilge L.","year":"2011","unstructured":"Bilge , L. , Kirda , E. , Kruegel , C. , and Balduzzi , M . Exposure: Finding malicious domains using passive dns analysis . In NDSS ( 2011 ). Bilge, L., Kirda, E., Kruegel, C., and Balduzzi, M. Exposure: Finding malicious domains using passive dns analysis. In NDSS (2011)."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052654"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663729"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2011.2119327"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2017.7945050"},{"key":"e_1_3_2_1_40_1","volume-title":"CSS","author":"Gu G.","year":"2008","unstructured":"Gu , G. , Perdisci , R. , Zhang , J. , and Lee , W . Botminer: Clustering analysis of network traffic for protocol- and structure-independent botnet detection . In CSS ( 2008 ). Gu, G., Perdisci, R., Zhang, J., and Lee, W. Botminer: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In CSS (2008)."},{"key":"e_1_3_2_1_41_1","unstructured":"Hickey A. R. Amazon Cloud Used To Steal Financial Data. https:\/\/www.crn.com\/news\/cloud\/229900191\/amazon-cloud-used-to-steal-financial-data.htm.  Hickey A. R. Amazon Cloud Used To Steal Financial Data. https:\/\/www.crn.com\/news\/cloud\/229900191\/amazon-cloud-used-to-steal-financial-data.htm."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2017.8171376"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313521"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3121134"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987471"},{"key":"e_1_3_2_1_46_1","unstructured":"Kovacs E. Amazon Web Services Increasingly Used to Host Malware: Report. https:\/\/www.securityweek.com\/amazon-web-services-increasingly-used-host-malware-report.  Kovacs E. Amazon Web Services Increasingly Used to Host Malware: Report. https:\/\/www.securityweek.com\/amazon-web-services-increasingly-used-host-malware-report."},{"key":"e_1_3_2_1_47_1","volume-title":"RAID","author":"K\u00fchrer M.","year":"2014","unstructured":"K\u00fchrer , M. , Rossow , C. , and Holz , T . Paint it black: Evaluating the effectiveness of malware blacklists . In RAID ( 2014 ). K\u00fchrer, M., Rossow, C., and Holz, T. Paint it black: Evaluating the effectiveness of malware blacklists. In RAID (2014)."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978672.1978678"},{"key":"e_1_3_2_1_49_1","volume-title":"S&P","author":"Lever C.","year":"2017","unstructured":"Lever , C. , Kotzias , P. , Balzarotti , D. , Caballero , J. , and Antonakakis , M . A lustrum of malware network communication: Evolution and insights . In S&P ( 2017 ). Lever, C., Kotzias, P., Balzarotti, D., Caballero, J., and Antonakakis, M. A lustrum of malware network communication: Evolution and insights. In S&P (2017)."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382267"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533062"},{"key":"e_1_3_2_1_52_1","volume-title":"Exploitation kits revealed - mpack","author":"Martin A.","year":"2007","unstructured":"Martin , A. Exploitation kits revealed - mpack ( 2007 ). https:\/\/www.sans.org\/reading-room\/whitepapers\/malicious\/exploitation-kits-revealed-mpack-2039. Martin, A. Exploitation kits revealed - mpack (2007). https:\/\/www.sans.org\/reading-room\/whitepapers\/malicious\/exploitation-kits-revealed-mpack-2039."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2078195"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2010.06.004"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/1971162.1971171"},{"key":"e_1_3_2_1_56_1","volume-title":"INFOCOM","author":"Shin S.","year":"2012","unstructured":"Shin , S. , Xu , Z. , and Gu , G . Effort: Efficient and effective bot malware detection . In INFOCOM ( 2012 ). Shin, S., Xu, Z., and Gu, G. Effort: Efficient and effective bot malware detection. In INFOCOM (2012)."},{"key":"e_1_3_2_1_57_1","first-page":"4","volume":"11","author":"Stone-Gross B.","year":"2011","unstructured":"Stone-Gross , B. , Holz , T. , Stringhini , G. , and Vigna , G. The underground economy of spam: A botmaster's perspective of coordinating large-scale spam campaigns. LEET 11 ( 2011 ), 4 -- 4 . Stone-Gross, B., Holz, T., Stringhini, G., and Vigna, G. The underground economy of spam: A botmaster's perspective of coordinating large-scale spam campaigns. LEET 11 (2011), 4--4.","journal-title":"LEET"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.29"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2187836.2187928"},{"key":"e_1_3_2_1_60_1","volume-title":"ESORICS","author":"Wurzinger P.","year":"2009","unstructured":"Wurzinger , P. , Bilge , L. , Holz , T. , Goebel , J. , Kruegel , C. , and Kirda , E . Automatically generating models for botnet detection . In ESORICS ( 2009 ). Wurzinger, P., Bilge, L., Holz, T., Goebel, J., Kruegel, C., and Kirda, E. Automatically generating models for botnet detection. In ESORICS (2009)."},{"key":"e_1_3_2_1_61_1","volume-title":"Detecting algorithmically generated domain-flux attacks with dns traffic analysis","author":"Yadav S.","year":"2012","unstructured":"Yadav , S. , Reddy , A. K. K. , Reddy , A. L. N. , and Ranjan , S . Detecting algorithmically generated domain-flux attacks with dns traffic analysis . IEEE\/ACM Trans. Netw . ( 2012 ). Yadav, S., Reddy, A. K. K., Reddy, A. L. N., and Ranjan, S. Detecting algorithmically generated domain-flux attacks with dns traffic analysis. IEEE\/ACM Trans. Netw. (2012)."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2006.320196"},{"key":"e_1_3_2_1_63_1","volume-title":"DSN","author":"Zeng Y.","year":"2010","unstructured":"Zeng , Y. , Hu , X. , and Shin , K. G . Detection of botnets using combined host- and network-level information . In DSN ( 2010 ). Zeng, Y., Hu, X., and Shin, K. G. Detection of botnets using combined host- and network-level information. In DSN (2010)."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.04.007"}],"event":{"name":"Asia CCS '19: ACM Asia Conference on Computer and Communications Security","location":"Auckland New Zealand","acronym":"Asia CCS '19","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3321705.3329834","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3321705.3329834","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:54:39Z","timestamp":1750204479000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3321705.3329834"}},"subtitle":["A Retrospective Analysis of Internet Malicious Activity Blacklists"],"short-title":[],"issued":{"date-parts":[[2019,7,2]]},"references-count":64,"alternative-id":["10.1145\/3321705.3329834","10.1145\/3321705"],"URL":"https:\/\/doi.org\/10.1145\/3321705.3329834","relation":{},"subject":[],"published":{"date-parts":[[2019,7,2]]},"assertion":[{"value":"2019-07-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}