Prudent Practices for Designing Malware Experiments: Status Quo and Outlook
Title | Prudent Practices for Designing Malware Experiments: Status Quo and Outlook |
Publication Type | Conference Paper |
Year of Publication | 2012 |
Authors | Rossow, C., Dietrich C. J., Kreibich C., Grier C., Paxson V., Pohlmann N., Bos H., & van Steen M. |
Page(s) | 65-79 |
Other Numbers | 3298 |
Abstract | Malware researchers rely on the observation ofmalicious code in execution to collect datasets for a wide arrayof experiments, including generation of detection models, studyof longitudinal behavior, and validation of prior research. Forsuch research to reflect prudent science, the work needs toaddress a number of concerns relating to the correct andrepresentative use of the datasets, presentation of methodologyin a fashion sufficiently transparent to enable reproducibility,and due consideration of the need not to harm others.In this paper we study the methodological rigor andprudence in 36 academic publications from 20062011 that |
Acknowledgment | We thank our shepherd David Brumley for his support infinalizing this paper. We also thank all anonymous reviewersfor their insightful comments. We thank all our anonymousmalware sample feeds. Moreover, we thank Robin Sommerfor his valuable discussion input. This work was supportedby the Federal Ministry of Education and Research of Germany(Grant 01BY1110, MoBE), the EU iCode project(funded by the Prevention, Preparedness and ConsequenceManagement of Terrorism and other Security-related RisksProgramme of the European Commission DG for HomeAffairs), the EU FP7-ICT-257007 SysSec project, the USNational Science Foundation (Grant 0433702) and Office ofNaval Research (Grant 20091976). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the funders. |
URL | http://www.icsi.berkeley.edu/pubs/networking/ICSI_prudentpracticesfor12.pdf |
Bibliographic Notes | Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P 2012), pp. 65-79, San Francisco, California |
Abbreviated Authors | C. Rossow, C. J. Dietrich, C. Kreibich, C. Grier, V. Paxson, N. Pohlmann, H. Bos, and M. van Steen |
ICSI Research Group | Networking and Security |
ICSI Publication Type | Article in conference proceedings |