Prudent Practices for Designing Malware Experiments: Status Quo and Outlook

Title: Prudent Practices for Designing Malware Experiments: Status Quo and Outlook
Publication Type: Conference Paper
Year of Publication: 2012
Authors: Rossow C, Dietrich CJ, Kreibich C, Grier C, Paxson V, Pohlmann N, Bos H, van Steen M
Page(s): 65-79
Other Numbers: 3298
Abstract

Malware researchers rely on the observation of malicious code in execution to collect datasets for a wide array of experiments, including generation of detection models, study of longitudinal behavior, and validation of prior research. For such research to reflect prudent science, the work needs to address a number of concerns relating to the correct and representative use of the datasets, presentation of methodology in a fashion sufficiently transparent to enable reproducibility, and due consideration of the need not to harm others. In this paper we study the methodological rigor and prudence in 36 academic publications from 2006–2011 that

Acknowledgment

We thank our shepherd David Brumley for his support in finalizing this paper. We also thank all anonymous reviewers for their insightful comments. We thank all our anonymous malware sample feeds. Moreover, we thank Robin Sommer for his valuable discussion input. This work was supported by the Federal Ministry of Education and Research of Germany (Grant 01BY1110, MoBE), the EU “iCode” project (funded by the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme of the European Commission DG for Home Affairs), the EU FP7-ICT-257007 SysSec project, the US National Science Foundation (Grant 0433702) and Office of Naval Research (Grant 20091976). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the funders.

URL: http://www.icsi.berkeley.edu/pubs/networking/ICSI_prudentpracticesfor12.pdf
Bibliographic Notes

Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P 2012), pp. 65-79, San Francisco, California

Abbreviated Authors

C. Rossow, C. J. Dietrich, C. Kreibich, C. Grier, V. Paxson, N. Pohlmann, H. Bos, and M. van Steen

ICSI Research Group

Networking and Security

ICSI Publication Type

Article in conference proceedings