Story image

Public dataset to help researchers predict malicious activity unveiled

08 Oct 2019

Australian researchers have created what they are calling ‘the largest public available dataset of malicious internet activity’ of its kind. They hope it will help cybersecurity specialists predict what security threats the future could bring.

CRISO’s Data61, Macquarie University, University of Sydney, and Nokia Bell Labs developed the dataset, called FinalBlacklist, that spans 10 years from 2007-2017.

The dataset comprises 51.6 malicious activity reports involving 662,000 unique IP addresses across the globe. The reports include malware, phishing, fraudulent services, potentially unwanted programs, exploits and spam, all identified and categorised using machine learning technologies.

CSIRO’s Data61 information security and privacy research leader, professor Dali Kaafar, says malicious software has been cybercriminals’ weapon of choice over the past 10 years.

“Last year the WannaCry ransomware attack affected more than 300,000 computers across 150 countries causing billions of dollars in damage. Ransomware remains a persistent threat as evidenced by the recent attacks against hospitals across Victoria,” Kaafar explains.

“Reports of phishing activities have also steadily risen with a spike in 2009 coinciding with the increased adoption of smartphones. In 2013, another spike was experienced which can be linked to the growing popularity of digital payment systems which attracted unwanted attention from cybercriminals.”

Analysts and researchers will be able to train their algorithms to identify how the sources, types, and scale of malicious activity have changed over time, so that they could potentially predict future activity before it happens.

According to the data, the annual cost of cybercrime damages may hit $6 trillion by 2021.

CSIRO’s Data61 software and computational systems research director Dr Liming Zhu adds, ““The insights that can be drawn from the FinalBlacklist dataset represent a significant contribution to cybersecurity research. A retrospective analysis of historical mal-activity trends could help reduce the impact of cybercrime on the economy.”

According to the researchers, other databases like this do exist, but they’re often kept under wraps due to privacy concerns and the desire to maintain competitive advantage. Conversely, FinalBlacklist is available publicly.

“Our analysis revealed a consistent minority of repeat offenders that contributed a majority of the mal-activity reports. Detecting and quickly reacting to the emergence of these mal-activity contributors could significantly reduce the damage inflicted,” Kaafar concludes.

The researchers offer these tips to avoid malicious online activity:

  • Keep your operating system current: Whether you’re running Windows, Mac OS, Linux, or any other OS, keep it up to date. OS developers regularly issue security patches that fix and plug security leaks.
     
  • Don’t give into ransom demands: If your device is infected by ransomware and you are locked out from accessing your files, don't pay the ransom. There are no guarantees that your files will be released when you are dealing with criminals.
     
  • Think before you click: Do not click on a link in an unsolicited email or open email attachments from somebody that you do not know. Hover over the link to check its validity.
     
  • Do not reuse passwords: Use unique passwords for all online accounts. Randomly mix up symbols and numbers with letters. The longer and more complex your password, the more effective it will be in preventing brute-force attacks.
     
  • Install ad blockers: Ads can be used to serve up malware or malvertising (malicious advertising containing viruses) and these simple web extensions can prevent this.
     
  • Install JavaScript-blockers: Privacy preserving tools like NoScript pre-emptively block malicious scripts and allows JavaScript, Java and other potentially dangerous content only from trusted sites.