Abstract
Cybercriminal activity has exploded in the past decade, with diverse threats ranging from phishing attacks to botnets and drive-by-downloads afflicting millions of computers worldwide. In response, a volunteer defense has emerged, led by security companies, infrastructure operators, and vigilantes. This reactionary force does not concern itself with making proactive upgrades to the cyber infrastructure. Instead, it operates on the front lines by remediating infections as they appear. We construct a model of the abuse reporting infrastructure in order to explain how voluntary action against cybercrime functions today, in hopes of improving our understanding of what works and how to make remediation more effective in the future. We examine the incentives to participate among data contributors, affected resource owners, and intermediaries. Finally, we present a series of key attributes that differ among voluntary actions to investigate further through experimentation, pointing toward a research agenda that could establish causality between interventions and outcomes.
Index Terms
- Abuse Reporting and the Fight Against Cybercrime