survey

Abuse Reporting and the Fight Against Cybercrime

Published: 02 January 2017

Abstract

Cybercriminal activity has exploded in the past decade, with diverse threats ranging from phishing attacks to botnets and drive-by-downloads afflicting millions of computers worldwide. In response, a volunteer defense has emerged, led by security companies, infrastructure operators, and vigilantes. This reactionary force does not concern itself with making proactive upgrades to the cyber infrastructure. Instead, it operates on the front lines by remediating infections as they appear. We construct a model of the abuse reporting infrastructure in order to explain how voluntary action against cybercrime functions today, in hopes of improving our understanding of what works and how to make remediation more effective in the future. We examine the incentives to participate among data contributors, affected resource owners, and intermediaries. Finally, we present a series of key attributes that differ among voluntary actions to investigate further through experimentation, pointing toward a research agenda that could establish causality between interventions and outcomes.


    • Published in

      ACM Computing Surveys  Volume 49, Issue 4
      December 2017
      666 pages
      ISSN:0360-0300
      EISSN:1557-7341
      DOI:10.1145/3022634
      • Editor: Sartaj Sahni

      Copyright © 2017 ACM

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 2 January 2017
      • Revised: 1 September 2016
      • Accepted: 1 September 2016
      • Received: 1 July 2015

      Qualifiers

      • survey
      • Research
      • Refereed
