论文信息 - No Plan Survives Contact: Experience with Cybercrime Measurement - 字舞流文

No Plan Survives Contact: Experience with Cybercrime Measurement

An important mode of empirical security research involves analyzing the behavior, capabilities, and motives of adversaries. By definition, such measurements cannot be conducted in controlled settings and require "engagement" directly with adversaries, their infrastructure or their ecosystem. However, the operational complexities required to successfully carry out such measurements are significant and rarely documented; blacklisting, payment instruments, fraud controls and contact management all represent real challenges in such studies. In this paper, we document our experiences conducting such measurements over five years (covering a range of distinct studies) and distill effective operational practices for others who might conduct similar experiments in the future.

Chris Kanich | Stefan Savage | Geoffrey M. Voelker | Damon McCoy | Kirill Levchenko | Chris Grier | Neha Chachra | Marti Motoyama | David Y. Wang | S. Savage | G. Voelker | Chris Grier | Damon McCoy | Kirill Levchenko | Chris Kanich | Marti A. Motoyama | David Y. Wang | Neha Chachra

[1] Hector Garcia-Molina,et al. Web Spam Taxonomy , 2005, AIRWeb.

[2] Brian D. Davison,et al. Detecting semantic cloaking on the web , 2006, WWW '06.

[3] Nick Feamster,et al. Understanding the network-level behavior of spammers , 2006, SIGCOMM 2006.

[4] Ken Chiang,et al. A Case Study of the Rustock Rootkit and Spam Bot , 2007, HotBots.

[5] Phillip A. Porras,et al. A Multi-perspective Analysis of the Storm ( Peacomm ) Worm , 2007 .

[6] Stefan Savage,et al. Spamscatter: Characterizing Internet Scam Hosting Infrastructure , 2007, USENIX Security Symposium.

[7] Felix C. Freiling,et al. Measuring and Detecting Fast-Flux Service Networks , 2008, NDSS.

[8] Geoff Hulten,et al. Spamming botnets: signatures and characteristics , 2008, SIGCOMM '08.

[9] Chris Kanich,et al. The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff , 2008, LEET.

[10] Chris Kanich,et al. Spamalytics: an empirical analysis of spam marketing conversion , 2008, CCS.

[11] Chris Kanich,et al. On the Spam Campaign Trail , 2008, LEET.

[12] Arvind Krishnamurthy,et al. Studying Spamming Botnets Using Botlab , 2009, NSDI.

[13] Chris Kanich,et al. Spamcraft: An Inside Look At Spam Campaign Orchestration , 2009, LEET.

[14] Nick Feamster,et al. Dynamics of Online Scam Hosting Infrastructure , 2009, PAM.

[15] Tyler Moore,et al. Temporal Correlations between Spam and Phishing Websites , 2009, LEET.

[16] Chris Kanich,et al. Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context , 2010, USENIX Security Symposium.

[17] Farnam Jahanian,et al. Improving Spam Blacklisting Through Dynamic Thresholding and Speculative Aggregation , 2010, NDSS.

[18] Chris Kanich,et al. Botnet Judo: Fighting Spam with Itself , 2010, NDSS.

[19] Stefan Savage,et al. Dirty Jobs: The Role of Freelance Labor in Web Service Abuse , 2011, USENIX Security Symposium.

[20] He Liu,et al. Click Trajectories: End-to-End Analysis of the Spam Value Chain , 2011, 2011 IEEE Symposium on Security and Privacy.

[21] Chris Kanich,et al. Show Me the Money: Characterizing Spam-advertised Revenue , 2011, USENIX Security Symposium.