research-article

Open access

Predicting Impending Exposure to Malicious Content from User Behavior

Authors:

Mahmood Sharif,

Jumpei Urakawa,

Nicolas Christin,

Akira YamadaAuthors Info & Claims

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

Pages 1487 - 1501

https://doi.org/10.1145/3243734.3243779

Published: 15 October 2018 Publication History

Abstract

Many computer-security defenses are reactive---they operate only when security incidents take place, or immediately thereafter. Recent efforts have attempted to predict security incidents before they occur, to enable defenders to proactively protect their devices and networks. These efforts have primarily focused on long-term predictions. We propose a system that enables proactive defenses at the level of a single browsing session. By observing user behavior, it can predict whether they will be exposed to malicious content on the web seconds before the moment of exposure, thus opening a window of opportunity for proactive defenses. We evaluate our system using three months' worth of HTTP traffic generated by 20,645 users of a large cellular provider in 2017 and show that it can be helpful, even when only very low false positive rates are acceptable, and despite the difficulty of making "on-the-fly'' predictions. We also engage directly with the users through surveys asking them demographic and security-related questions, to evaluate the utility of self-reported data for predicting exposure to malicious content. We find that self-reported data can help forecast exposure risk over long periods of time. However, even on the long-term, self-reported data is not as crucial as behavioral measurements to accurately predict exposure.

Supplementary Material

MP4 File (p1487-sharif.mp4)

Download
378.38 MB

References

[1]

Martín Abadi, Paul Barham, Jianmin Chen, Zhifeng Chen, Andy Davis, Jeffrey Dean, Matthieu Devin, Sanjay Ghemawat, Geoffrey Irving, Michael Isard, Manjunath Kudlur, Josh Levenberg, Rajat Monga, Sherry Moore, Derek G. Murray, Benoit Steiner, Paul Tucker, Vijay Vasudevan, Pete Warden, Martin Wicke, Yuan Yu, and Xiaoqiang Zheng. 2016. TensorFlow: A System for Large-Scale Machine Learning Proc. OSDI.

Digital Library

[2]

Maarten Aertsen, Maciej Korczy'nski, Giovane Moura, Samaneh Tajalizadehkhoob, and Jan van den Berg. 2017. No domain left behind: is Let's Encrypt democratizing encryption? Proc. ANRW.

Digital Library

[3]

Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro Acquisti, Joshua Gluck, Lorrie Faith Cranor, and Yuvraj Agarwal. 2015. Your location has been shared 5,398 times!: A field study on mobile app privacy nudging Proc. CHI.

Digital Library

[4]

Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, and Nick Feamster. 2010. Building a Dynamic Reputation System for DNS. In Proc. USENIX Security.

Digital Library

[5]

Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, Konrad Rieck, and CERT Siemens. 2014. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket Proc. NDSS.

[6]

Dzmitry Bahdanau, Kyunghyun Cho, and Yoshua Bengio. 2015. Neural machine translation by jointly learning to align and translate Proc. ICLR.

[7]

Rodrigo Benenson. 2017. What is the class of this image? Discover the current state of the art in objects classification. https://goo.gl/3wucZd. (2017). Online; accessed 2 May 2018.

[8]

Leyla Bilge and Tudor Dumitras. 2012. Before We Knew It: An Empirical Study of Zero-day Attacks in the Real World Proc. CCS.

Digital Library

[9]

Leyla Bilge, Yufei Han, and Matteo Dell'Amico. 2017. RiskTeller: Predicting the Risk of Cyber Incidents Proc. CCS.

Digital Library

[10]

Davide Canali, Leyla Bilge, and Davide Balzarotti. 2014. On the effectiveness of risk prediction based on users browsing behavior Proc. AsiaCCS.

Digital Library

[11]

Casey Canfield, Alex Davis, Baruch Fischhoff, Alain Forget, Sarah Pearman, and Jeremy Thomas. 2017. Replication: Challenges in Using Data Logs to Validate Phishing Detection Ability Metrics Proc. SOUPS.

Digital Library

[12]

Yannick Carlinet, Ludovic Mé, Hervé Debar, and Yvon Gourhant. 2008. Analysis of computer infection risk factors based on customer network usage Proc. SECURWARE.

Digital Library

[13]

Nitesh V Chawla, Kevin W Bowyer, Lawrence O Hall, and W Philip Kegelmeyer. 2002. SMOTE: synthetic minority over-sampling technique. Journal of artificial intelligence research Vol. 16 (2002), 321--357.

[14]

Nicolas Christin, Serge Egelman, Timothy Vidas, and Jens Grossklags. 2011. It's all about the Benjamins: An empirical study on incentivizing users to ignore security advice Proc. FC.

Digital Library

[15]

Chronicle. 2004--. VirusTotal. https://www.virustotal.com/. (2004--). Online; accessed 8 May 2018.

[16]

Christopher Clark and Amos Storkey. 2015. Training Deep Convolutional Neural Networks to Play Go Proc. ICML.

Digital Library

[17]

Adam Coates, Andrew Ng, and Honglak Lee. 2011. An analysis of single-layer networks in unsupervised feature learning Proc. AISTATS.

[18]

Selenium contributors. 2004--. SeleniumHQ Browser Automation. http://www.seleniumhq.org/. (2004--). Online; accessed 2 May 2018.

[19]

Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer, and contributors. 2010--. mitmproxy: A free and open source interactive HTTPS proxy. (2010--). https://mitmproxy.org/ Online; accessed 2 May 2018.

[20]

Anupam Datta, Shayak Sen, and Yair Zick. 2016. Algorithmic transparency via quantitative input influence: Theory and experiments with learning systems. In Proc. IEEE S&P.

[21]

Serge Egelman, Marian Harbach, and Eyal Peer. 2016. Behavior Ever Follows Intention?: A Validation of the Security Behavior Intentions Scale (SeBIS). In Proc. CHI.

Digital Library

[22]

Serge Egelman and Eyal Peer. 2015 a. The myth of the average user: Improving privacy and security systems through individualization Proc. NSPW.

Digital Library

[23]

Serge Egelman and Eyal Peer. 2015 b. Predicting privacy and security attitudes. ACM SIGCAS Computers and Society Vol. 45, 1 (2015), 22--28.

Digital Library

[24]

Serge Egelman and Eyal Peer. 2015 c. Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS) Proc. CHI.

Digital Library

[25]

Seyed Kaveh Fayaz, Yoshiaki Tobioka, Vyas Sekar, and Michael Bailey. 2015. Bohatei: Flexible and Elastic DDoS Defense. In Proc. USENIX Security.

Digital Library

[26]

Adrienne Porter Felt, Alex Ainslie, Robert W Reeder, Sunny Consolvo, Somas Thyagaraja, Alan Bettes, Helen Harris, and Jeff Grimes. 2015. Improving SSL warnings: Comprehension and adherence Proc. CHI.

Digital Library

[27]

Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steve Hanna, and David Wagner. 2011. A survey of mobile malware in the wild. In Proc. SPSM Workshop.

Digital Library

[28]

Alain Forget, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Marian Harbach, and Rahul Telang. 2016. Do or do not, there is no try: user engagement may not improve security outcomes Proc. SOUPS.

Digital Library

[29]

Xavier Glorot, Antoine Bordes, and Yoshua Bengio. 2011. Deep sparse rectifier neural networks. In Proc. AISTATS.

[30]

Ian Goodfellow, Yoshua Bengio, and Aaron Courville. 2016. Deep Learning. MIT Press. http://www.deeplearningbook.org

Digital Library

[31]

Google. 2008--. Google Safe Browsing. https://safebrowsing.google.com/. (2008--). Online; accessed 5 August 2018.

[32]

Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. 2008 a. BotMiner: Clustering Analysis of Network Traffic for Protocol-and Structure-Independent Botnet Detection. In Proc. USENIX Security.

Digital Library

[33]

Guofei Gu, Junjie Zhang, and Wenke Lee. 2008 b. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic Proc. NDSS.

[34]

Shuang Hao, Alex Kantchelian, Brad Miller, Vern Paxson, and Nick Feamster. 2016. PREDATOR: proactive recognition and elimination of domain abuse at time-of-registration Proc. CCS.

Digital Library

[35]

Haibo He, Yang Bai, Edwardo A Garcia, and Shutao Li. 2008. ADASYN: Adaptive synthetic sampling approach for imbalanced learning Proc. IJCNN.

[36]

Haibo He and Edwardo A Garcia. 2009. Learning from imbalanced data. IEEE Transactions on knowledge and data engineering, Vol. 21, 9 (2009), 1263--1284.

Digital Library

[37]

Tin Kam Ho. 1995. Random decision forests. In ICDAR.

[38]

Ling Huang, Anthony D Joseph, Blaine Nelson, Benjamin IP Rubinstein, and JD Tygar. 2011. Adversarial machine learning. In Proc. AISec.

Digital Library

[39]

Digital Arts Inc. 2009--. i-FILTER (Consumer). http://www.daj.jp/en/products/if_consumers/. (2009--). Online; accessed 2 May 2018.

[40]

Luca Invernizzi, Stanislav Miskovic, Ruben Torres, Christopher Kruegel, Sabyasachi Saha, Giovanni Vigna, Sung-Ju Lee, and Marco Mellia. 2014. Nazca: Detecting Malware Distribution in Large-Scale Networks Proc. NDSS.

[41]

Jonathan Taylor Josef Perktold, Skipper Seabold. 2012--. statsmodels. http://www.statsmodels.org/. (2012--). Online; accessed 2 May 2018.

[42]

Chanhyun Kang, Noseong Park, B Aditya Prakash, Edoardo Serra, and VS Subrahmanian. 2016. Ensemble models for data-driven prediction of malware infections Proc. WSDM.

Digital Library

[43]

Keras. 2017. Keras: The Python Deep Learning library. https://keras.io. (2017). Online; accessed 2 May 2018.

[44]

Ponnurangam Kumaraguru, Steve Sheng, Alessandro Acquisti, Lorrie Faith Cranor, and Jason Hong. 2010. Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology (TOIT), Vol. 10, 2 (2010), 7.

Digital Library

[45]

Fanny Lalonde Levesque, Jude Nsiempba, José M Fernandez, Sonia Chiasson, and Anil Somayaji. 2013. A clinical study of risk factors related to malware infections Proc. CCS.

Digital Library

[46]

Mathias Lecuyer, Riley Spahn, Roxana Geambasu, Tzu-Kuo Huang, and Siddhartha Sen. 2017. Pyramid: Enhancing Selectivity in Big Data Protection with Count Featurization Proc. IEEE S&P.

[47]

Martin Lee. 2012. Who's next? Identifying risks factors for subjects of targeted attacks Proc. Virus Bull. Conf.

[48]

Nektarios Leontiadis and Nicolas Christin. 2014. Empirically measuring WHOIS misuse. In Proc. ESORICS.

Digital Library

[49]

Charles Lever, Manos Antonakakis, Bradley Reaves, Patrick Traynor, and Wenke Lee. 2013. The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers Proc. NDSS.

[50]

Fanny Lalonde Lévesque, José M Fernandez, and Anil Somayaji. 2014. Risk prediction of malware victimization based on user behavior Proc. MALWARE.

[51]

Yang Liu, Armin Sarabi, Jing Zhang, Parinaz Naghizadeh, Manish Karir, Michael Bailey, and Mingyan Liu. 2015. Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents Proc. USENIX Security.

Digital Library

[52]

Gregor Maier, Anja Feldmann, Vern Paxson, Robin Sommer, and Matthias Vallentin. 2011. An assessment of overt malicious activity manifest in residential networks Proc. DIMVA.

Digital Library

[53]

K.L. Manfreda, M. Bosnjak, J. Berzelak, I. Haas, and V. Vehovar. 2008. Web Surveys versus Other Survey Modes: A Meta-Analysis Comparing Response Rates. International Journal of Market Research Vol. 50 (2008), 79--104.

[54]

Michelle L Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, and Blase Ur. 2013. Measuring password guessability for an entire university Proc. CCS.

Digital Library

[55]

Katherine L Milkman, Dolly Chugh, and Max H Bazerman. 2009. How can decision making be improved? Perspectives on psychological science Vol. 4, 4 (2009), 379--383.

[56]

Terry Nelms, Roberto Perdisci, and Mustaque Ahamad. 2013. ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates. In Proc. USENIX Security.

Digital Library

[57]

Terry Nelms, Roberto Perdisci, Manos Antonakakis, and Mustaque Ahamad. 2015. WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths Proc. USENIX Security.

Digital Library

[58]

Kaan Onarlioglu, Utku Ozan Yilmaz, Engin Kirda, and Davide Balzarotti. 2012. Insights into User Behavior in Dealing with Internet Attacks Proc. NDSS.

[59]

Michael Ovelgönne, Tudor Dumitras, B Aditya Prakash, VS Subrahmanian, and Benjamin Wang. 2017. Understanding the Relationship between Human Behavior and Susceptibility to Cyber Attacks: A Data-Driven Approach. ACM Transactions on Intelligent Systems and Technology (TIST), Vol. 8, 4 (2017), 51.

Digital Library

[60]

Vern Paxson. 1999. Bro: a system for detecting network intruders in real-time. Computer networks, Vol. 31, 23 (1999), 2435--2463.

Digital Library

[61]

M Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens, and Nick Nikiforakis. 2016. It's free for a reason: Exploring the ecosystem of free live streaming services Proc. NDSS.

[62]

Arun Raghuramu, Parth H Pathak, Hui Zang, Jinyoung Han, Chang Liu, and Chen-Nee Chuah. 2016. Uncovering the footprints of malicious traffic in wireless/mobile networks. Computer Communications Vol. 95 (2016), 95--107.

[63]

Moheeb Abu Rajab, Lucas Ballard, Noé Lutz, Panayiotis Mavrommatis, and Niels Provos. 2013. CAMP: Content-Agnostic Malware Protection. In Proc. NDSS.

[64]

Elissa M Redmiles, Sean Kross, and Michelle L Mazurek. 2017. Where is the Digital Divide?: A Survey of Security, Privacy, and Socioeconomics Proc. CHI.

Digital Library

[65]

Elissa M Redmiles, Amelia R Malone, and Michelle L Mazurek. 2016. I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security Proc. IEEE S&P.

[66]

Marco Tulio Ribeiro, Sameer Singh, and Carlos Guestrin. 2016. Why should I trust you?: Explaining the predictions of any classifier Proc. KDD.

Digital Library

[67]

Konrad Rieck, Tammo Krueger, and Andreas Dewald. 2010. Cujo: efficient detection and prevention of drive-by-download attacks Proc. ACSAC.

Digital Library

[68]

Vera Rimmer, Davy Preuveneers, Marc Juarez, Tom Van Goethem, and Wouter Joosen. 2018. Automated Website Fingerprinting through Deep Learning Proc. NDSS.

[69]

Carl Sabottke, Octavian Suciu, and Tudor Dumitras. 2015. Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits. In Proc. USENIX Security.

Digital Library

[70]

George Saon, Hong-Kwang J Kuo, Steven Rennie, and Michael Picheny. 2016. The IBM 2015 English conversational telephone speech recognition system. arXiv preprint arXiv:1505.05899 (2016).

[71]

Armin Sarabi, Parinaz Naghizadeh, Yang Liu, and Mingyan Liu. 2016. Risky business: Fine-grained data breach prediction using business profiles. Journal of Cybersecurity Vol. 2, 1 (2016), 15--28.

[72]

Armin Sarabi, Ziyun Zhu, Chaowei Xiao, Mingyan Liu, and Tudor Dumitracs. 2017. Patch Me If You Can: A Study on the Effects of Individual User Behavior on the End-Host Vulnerability State. In International Conference on Passive and Active Network Measurement. Springer, 113--125.

[73]

Yukiko Sawaya, Mahmood Sharif, Nicolas Christin, Ayumu Kubota, Akhiro Nakarai, and Akira Yamada. 2017. Self-Confidence Trumps Knowledge: A Cross-Cultural Study of Security Behavior Proc. CHI.

Digital Library

[74]

Howard J Seltman. 2012. Experimental design and analysis. Pittsburgh: Carnegie Mellon University.

[75]

Steve Sheng, Mandy Holbrook, Ponnurangam Kumaraguru, Lorrie Faith Cranor, and Julie Downs. 2010. Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In Proc. CHI.

Digital Library

[76]

Kyle Soska and Nicolas Christin. 2014. Automatically Detecting Vulnerable Websites Before They Turn Malicious Proc. Usenix Security.

Digital Library

[77]

StatCounter. 2017. Browser market share Worldwide (July 2017). https://goo.gl/7KgmuK. (2017). Online; accessed 2 May 2018.

[78]

Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna. 2013. Shady paths: Leveraging surfing crowds to detect malicious web pages Proc. CCS.

Digital Library

[79]

Taosoftware. 2012--. tPacketCapture. https://goo.gl/d9AcQB. (2012--). Online; accessed 2 May 2018.

[80]

The Verge. 2017. 99.6 percent of new smartphones run Android or iOS. https://goo.gl/yMCGpW. (2017). Online; accessed 2 May 2018.

[81]

Olivier Thonnard, Leyla Bilge, Anand Kashyap, and Martin Lee. 2015. Are you at risk? Profiling organizations and individuals subject to targeted attacks Proc. FC.

[82]

Hien Thi Thu Truong, Eemil Lagerspetz, Petteri Nurmi, Adam J Oliner, Sasu Tarkoma, N Asokan, and Sourav Bhattacharya. 2014. The company you keep: Mobile malware infection rates and inexpensive risk indicators Proc. WWW.

Digital Library

[83]

Phani Vadrevu, Babak Rahbarinia, Roberto Perdisci, Kang Li, and Manos Antonakakis. 2013. Measuring and detecting malware downloads in live network traffic Proc. ESORICS.

[84]

Anthony Vance, Brock Kirwan, Daniel Bjorn, Jeffrey Jenkins, and Bonnie Brinton Anderson. 2017. What Do We Really Know About How Habituation to Warnings Occurs Over Time?: A Longitudinal fMRI Study of Habituation and Polymorphic Warnings Proc. CHI.

Digital Library

[85]

Gang Wang, Tristan Konolige, Christo Wilson, Xiao Wang, Haitao Zheng, and Ben Y. Zhao. 2013. You Are How You Click: Clickstream Analysis for Sybil Detection Proc. USENIX Security.

Digital Library

[86]

Rick Wash, Emilee Rader, and Chris Fennell. 2017. Can People Self-Report Security Accurately?: Agreement Between Self-Report and Behavioral Measures. In Proc. CHI.

Digital Library

[87]

Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda, and Christopher Kruegel. 2010. Is the Internet for Porn? An Insight Into the Online Adult Industry Proc. WEIS.

[88]

Guowu Xie, Marios Iliofotou, Thomas Karagiannis, Michalis Faloutsos, and Yaohui Jin. 2013. Resurf: Reconstructing web-surfing activity from network traffic Proc. IFIP Networking.

[89]

Wayne Xiong, Jasha Droppo, Xuedong Huang, Frank Seide, Mike Seltzer, Andreas Stolcke, Dong Yu, and Geoffrey Zweig. 2016. Achieving human parity in conversational speech recognition. arXiv preprint arXiv:1610.05256 (2016).

[90]

Ting-Fang Yen, Victor Heorhiadi, Alina Oprea, Michael K Reiter, and Ari Juels. 2014. An epidemiological study of malware encounters in a large enterprise Proc. CCS.

Digital Library

[91]

Junjie Zhang, Christian Seifert, Jack W Stokes, and Wenke Lee. 2011. Arrow: Generating signatures to detect drive-by downloads Proc. WWW.

Digital Library

[92]

Xiang Zhang, Junbo Zhao, and Yann LeCun. 2015. Character-level convolutional networks for text classification Proc. NIPS.

Digital Library

[93]

Yajin Zhou and Xuxian Jiang. 2012. Dissecting android malware: Characterization and evolution Proc. IEEE S&P.

Digital Library

[94]

Yajin Zhou, Zhi Wang, Wu Zhou, and Xuxian Jiang. 2012. Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. In Proc. NDSS.

Cited By

Choo ENabeel MKim DDe Silva RYu TKhalil I(2024)A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLsACM SIGMETRICS Performance Evaluation Review10.1145/3673660.365504252:1(55-56)Online publication date: 13-Jun-2024
https://dl.acm.org/doi/10.1145/3673660.3655042
Choo ENabeel MKim DDe Silva RYu TKhalil IGaretto MMarin ACiucu FFanti GRighter R(2024)A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLsAbstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems10.1145/3652963.3655042(55-56)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3652963.3655042
Meschini MTizio GBalduzzi MMassacci F(2024)A Case-Control Study to Measure Behavioral Risks of Malware Encounters in OrganizationsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.345696019(9419-9432)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3456960
Show More Cited By

Index Terms

Predicting Impending Exposure to Malicious Content from User Behavior
1. Computing methodologies
  1. Machine learning
    1. Machine learning approaches
      1. Neural networks
2. Security and privacy
  1. Human and societal aspects of security and privacy
  2. Network security

Recommendations

Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security
RTNSS: a routing trace-based network security system for preventing ARP spoofing attacks

The motion of address resolution protocol (ARP) is done without any problem in a general environment, but it is not considered from the security aspect; therefore, it risks being threatened by an attack from the network called ARP spoofing or ARP ...
Mitigating denial of service attacks: a tutorial

This tutorial describes what Denial of Service (DOS) attacks are. how they can be carried out in IP networks, and how one can defend against them. Distributed DoS (DDoS) attacks are included here as a subset of DoS attacks. A DoS attack has two phases: ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

October 2018

2359 pages

ISBN:9781450356930

DOI:10.1145/3243734

General Chairs:
David Lie
University of Toronto
,
Mohammad Mannan
Concordia University
,
Program Chairs:
Michael Backes
CISPA Helmholtz Center i.G.
,
XiaoFeng Wang
Indiana University

Copyright © 2018 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 October 2018

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

MURI

Conference

CCS '18

Sponsor:

SIGSAC

CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security

October 15 - 19, 2018

Toronto, Canada

Acceptance Rates

CCS '18 Paper Acceptance Rate 134 of 809 submissions, 17%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

39
Total Citations
View Citations
2,109
Total Downloads

Downloads (Last 12 months)205
Downloads (Last 6 weeks)39

Reflects downloads up to 21 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Choo ENabeel MKim DDe Silva RYu TKhalil I(2024)A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLsACM SIGMETRICS Performance Evaluation Review10.1145/3673660.365504252:1(55-56)Online publication date: 13-Jun-2024
https://dl.acm.org/doi/10.1145/3673660.3655042
Choo ENabeel MKim DDe Silva RYu TKhalil IGaretto MMarin ACiucu FFanti GRighter R(2024)A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLsAbstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems10.1145/3652963.3655042(55-56)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3652963.3655042
Meschini MTizio GBalduzzi MMassacci F(2024)A Case-Control Study to Measure Behavioral Risks of Malware Encounters in OrganizationsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.345696019(9419-9432)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3456960
Gupta KSaxena DGupta RKumar JSingh A(2024)FedMUPApplied Soft Computing10.1016/j.asoc.2024.111519157:COnline publication date: 1-May-2024
https://dl.acm.org/doi/10.1016/j.asoc.2024.111519
Gupta KSaxena DGupta RSingh A(2024)MAIDS: malicious agent identification-based data security model for cloud environmentsCluster Computing10.1007/s10586-023-04263-927:5(6167-6184)Online publication date: 23-Feb-2024
https://doi.org/10.1007/s10586-023-04263-9
Dambra SBilge LKotzias PShen YCaballero JCalandrino JTroncoso C(2023)One size does not fit allProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620555(5683-5700)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620555
Almashor MAhmed EPick BXue JAbuadbba SGaire RWang SCamtepe SNepal S(2023)Unraveling Threat Intelligence Through the Lens of Malicious URL CampaignsProceedings of the 18th Asian Internet Engineering Conference10.1145/3630590.3630600(78-86)Online publication date: 12-Dec-2023
https://dl.acm.org/doi/10.1145/3630590.3630600
Chi AAnderson BReiter M(2023)Prioritizing Remediation of Enterprise Hosts by Malware Execution RiskProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627180(550-564)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627180
Saha Roy SKaranjit UNilizadeh SMontpetit MLeivadeas AUhlig SJaved M(2023)Phishing in the Free Waters: A Study of Phishing Attacks Created using Free Website Building ServicesProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624812(268-281)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624812
Wang JWang LDong FWang HMontpetit MLeivadeas AUhlig SJaved M(2023)Re-measuring the Label Dynamics of Online Anti-Malware Engines from Millions of SamplesProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624800(253-267)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624800
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents