The dataset, ‘FinalBlacklist’, is compiled from incidents from 2007-2017, and is anticipated to help cyber security specialists to derive new insights in the burgeoning industry.
Compiled by CSIRO’s Data61 and Macquarie University, in collaboration with Nokia Bell Labs and University of Sydney, the dataset's release was announced at D61+ Live in Sydney, with the collection of a total of 51.6 million mal-activity reports dating back to 2007 involving 662,000 unique IP addresses worldwide, which were categorised using machine learning techniques into six classes of mal-activity: malware, phishing, fraudulent services, potentially unwanted programs, exploits and spamming.
Professor Dali Kaafar, information security and privacy research leader at CSIRO’s Data61 and scientific director of Optus Macquarie University Cyber Security Hub, said that malicious software (or malware) has consistently been the weapon of choice for cyber criminals over the past decade.
“Last year the WannaCry ransomware attack affected more than 300,000 computers across 150 countries causing billions of dollars in damage. Ransomware remains a persistent threat as evidenced by the recent attacks against hospitals across Victoria,” Professor Kaafar said.
“Reports of phishing activities have also steadily risen with a spike in 2009 coinciding with the increased adoption of smartphones. In 2013, another spike was experienced, which can be linked to the growing popularity of digital payment systems which attracted unwanted attention from cyber criminals.
"Analysis of the retrospective dataset will allow researchers to identify how the sources, types and scale of different mal-activity has transformed over time, so that organisations can be better prepared against it.
“We’ve made this dataset available to the wider research community so it can be used to train algorithms to predict future instances of mal-activity before they happen.”
With the annual cost of cyber crime damages anticipated to rise to $6 trillion by 2021, its an issue that is only going to grow as the years go by.
Dr Liming Zhu, software and computational systems research director at CSIRO’s Data61, said researchers and organisations are locked in a perpetual arms race to combat widespread malicious activity on the internet.
“The insights that can be drawn from the FinalBlacklist dataset represent a significant contribution to cyber security research. A retrospective analysis of historical mal-activity trends could help reduce the impact of cyber crime on the economy,” Dr Zhu said.
Although other longitudinal datasets do exist, they are predominantly proprietary as industries are unable to share them due to privacy concerns and wanting to maintain a competitive advantage. The FinalBlacklist dataset has been made publicly available to drive further research.
“Our analysis revealed a consistent minority of repeat offenders that contributed a majority of the mal-activity reports. Detecting and quickly reacting to the emergence of these mal-activity contributors could significantly reduce the damage inflicted,” Professor Kaafar said.
The report included several simple tips to avoid malicious online activity, such as:
Keep your operating system current: Whether you’re running Windows, Mac OS X, Linux, or any other OS, keep it up to date. OS developers regularly issue security patches that fix and plug security leaks.
Don’t give in to ransom demands: If your device is infected by ransomware and you are locked out from accessing your files, don't pay the ransom. There are no guarantees that your files will be released when you are dealing with criminals.
Think before you click: Do not click on a link in an unsolicited email or open email attachments from somebody that you do not know. Hover over the link to check it’s validity.
Do not reuse passwords: Use unique passwords for all online accounts. Randomly mix up symbols and numbers with letters. The longer and more complex your password, the more effective it will be in preventing brute-force attacks.
Install ad blockers: Ads can be used to serve up malware or malvertising (malicious advertising containing viruses) and these simple web extensions can prevent this.
To read the paper, click here.