Mapping ISP Malware Trends in Albania: Clustering for Smarter Cyber Defences

Abstract

Cybersecurity plays a vital role in protecting digital infrastructure, with Internet Service Providers (ISPs) standing at the core of this ecosystem. This research takes an exploratory perspective, given the limitations of both the dataset and the number of available features. The analysis draws on malware detection data from Albania, reported through the Shadow Server platform, covering a 15-month period across seven ISPs. By applying time-series clustering alongside statistical methods, the study groups ISPs according to their security patterns. The time-series analysis points to three distinct periods of heightened malware activity, while the characteristics-based approach identifies three groups of ISPs that differ in their vulnerability profiles. Taken together, these results underline the need for customized cybersecurity strategies and stronger cooperation among ISPs. Despite the constraints of a relatively small dataset, clustering techniques prove useful for optimizing resources, supporting regulatory compliance, and informing strategic decisions aimed at more effective threat prevention and mitigation.