Paint It Black: Evaluating the Effectiveness of Malware Blacklists

  • Marc Kührer, C. Rossow, T. Holz
  • Published in RAID 2014
  • Computer Science
  • Blacklists are commonly used to protect computer systems against the tremendous number of malware threats. These lists include abusive hosts such as malware sites or botnet Command & Control and dropzone servers to raise alerts if suspicious hosts are contacted. Up to now, though, little is known about the effectiveness of malware blacklists. 
    Clustering Malicious DNS Queries for Blacklist-Based Detection
    • 1
    A Cause-Based Classification Approach for Malicious DNS Queries Detected Through Blacklists
    • 1
    Scalable Detection of Server-Side Polymorphic Malware
    • 3
    Blacklists Assemble: Aggregating Blacklists for Accuracy
    • 1
    A Lustrum of Malware Network Communication: Evolution and Insights
    • 47
    BotMAD: Botnet malicious activity detector based on DNS traffic analysis
    • 6
    Gossip: Automatically Identifying Malicious Domains from Mailing List Discussions
    • 9


    Publications referenced by this paper.
    Detecting malware's failover C&C strategies with squeeze
    • 32
    Rozzle: De-cloaking Internet Malware
    • 164
    An Empirical Analysis of Malware Blacklists
    • 6
    Sandnet: network traffic analysis of malicious software
    • 86
    From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware
    • 390
    ProVeX: Detecting Botnets with Encrypted Command and Control Channels
    • 53
    Large-Scale Analysis of Malware Downloaders
    • 58