论文信息 - Measuring the Impact of Sharing Abuse Data with Web Hosting Providers

Measuring the Impact of Sharing Abuse Data with Web Hosting Providers

Sharing incident data among Internet operators is widely seen as an important strategy in combating cybercrime. However, little work has been done to quantify the positive benefits of such sharing. To that end, we report on an observational study of URLs blacklisted for distributing malware that the non-profit anti-malware organization StopBadware shared with requesting web hosting providers. Our dataset comprises over 28,000 URLs shared with 41 organizations between 2010 and 2015. We show that sharing has an immediate effect of cleaning the reported URLs and reducing the likelihood that they will be recompromised; despite this, we find that long-lived malware takes much longer to clean, even after being reported. Furthermore, we find limited evidence that one-time sharing of malware data improves the malware cleanup response of all providers over the long term. Instead, some providers improve while others worsen.

Tyler Moore | Marie Vasek | Matthew Weeden

[1] Aurélien Francillon,et al. The role of web hosting providers in detecting compromised websites , 2013, WWW '13.

[2] Vern Paxson,et al. Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension , 2016, WWW.

[3] Vern Paxson,et al. The Matter of Heartbleed , 2014, Internet Measurement Conference.

[4] Stefan Savage,et al. You've Got Vulnerability: Exploring Effective Vulnerability Notifications , 2016, USENIX Security Symposium.

[5] Niels Provos,et al. All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[6] Tyler Moore,et al. Do Malware Reports Expedite Cleanup? An Experimental Study , 2012, CSET.

[7] Michael Backes,et al. Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification , 2016, USENIX Security Symposium.

[8] Christian Rossow,et al. Exit from Hell? Reducing the Impact of Amplification DDoS Attacks , 2014, USENIX Security Symposium.

[9] Juan Caballero,et al. Driving in the Cloud: An Analysis of Drive-by Download Operations and Abuse Reporting , 2013, DIMVA.

[10] Ross J. Anderson,et al. Taking down websites to prevent crime , 2016, 2016 APWG Symposium on Electronic Crime Research (eCrime).

[11] Tyler Moore,et al. The consequence of non-cooperation in the fight against phishing , 2008, 2008 eCrime Researchers Summit.

[12] Tyler Moore,et al. Understanding the Role of Sender Reputation in Abuse Reporting and Cleanup , 2015, WEIS.