论文信息 - Understanding the Role of Sender Reputation in Abuse Reporting and Cleanup

Understanding the Role of Sender Reputation in Abuse Reporting and Cleanup

Motivation: Participants on the front lines of abuse reporting have a variety of options to notify intermediaries and resource owners about abuse of their systems and services. These can include emails to personal messages to blacklists to machine-generated feeds. Recipients of these reports have to voluntarily act on this information. We know remarkably little about the factors that drive higher response rates to abuse reports. One such factor is the reputation of the sender. In this article, we present the first randomized controlled experiment into sender reputation. We used a private datafeed of Asprox-infected websites to issue notifications from three senders with different reputations: an individual, a university and an established anti-malware organization. Results: We find that our detailed abuse reports significantly increase cleanup rates. Surprisingly, we find no evidence that sender reputation improves cleanup. We do see that the evasiveness of the attacker in hiding compromise can substantially hamper cleanup efforts. Furthermore, we find that the minority of hosting providers who viewed our cleanup advice webpage were much more likely to remediate infections than those who did not, but that website owners who viewed the advice fared no better.

Tyler Moore | Michel van Eeten | Carlos Gañán | Orçun Çetin | Mohammad Hanif Jhaveri

[1] Michel van Eeten,et al. An Empirical Analysis of ZeuS C&C Lifetime , 2015, AsiaCCS.

[2] Christian Rossow,et al. Exit from Hell? Reducing the Impact of Amplification DDoS Attacks , 2014, USENIX Security Symposium.

[3] Joseph Bonneau,et al. What's in a Name? , 2020, Financial Cryptography.

[4] 尚弘島影. National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[5] Andrew B. Whinston,et al. Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment , 2013 .

[6] Aditya Akella,et al. Proceedings of the 2014 Conference on Internet Measurement Conference , 2014, IMC 2014.

[7] Tyler Moore,et al. Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing , 2009, Financial Cryptography.

[8] Tyler Moore,et al. Do Malware Reports Expedite Cleanup? An Experimental Study , 2012, CSET.

[9] Aurélien Francillon,et al. The role of web hosting providers in detecting compromised websites , 2013, WWW '13.

[10] Vern Paxson,et al. The Matter of Heartbleed , 2014, Internet Measurement Conference.

[11] Dave Crocker,et al. Mailbox Names for Common Services, Roles and Functions , 1997, RFC.

[12] Maciej Korczynski,et al. Apples, oranges and hosting providers: Heterogeneity and security in the hosting market , 2016, NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium.