Abuse Reporting and the Fight Against Cybercrime

Cybercriminal activity has exploded in the past decade, with diverse threats ranging from phishing attacks to botnets and drive-by-downloads afflicting millions of computers worldwide. In response, a volunteer defense has emerged, led by security companies, infrastructure operators, and vigilantes. This reactionary force does not concern itself with making proactive upgrades to the cyber infrastructure. Instead, it operates on the front lines by remediating infections as they appear. We construct a model of the abuse reporting infrastructure in order to explain how voluntary action against cybercrime functions today, in hopes of improving our understanding of what works and how to make remediation more effective in the future. We examine the incentives to participate among data contributors, affected resource owners, and intermediaries. Finally, we present a series of key attributes that differ among voluntary actions to investigate further through experimentation, pointing toward a research agenda that could establish causality between interventions and outcomes.
