No plan survives contact: Experience with cybercrime measurement

Chris Kanich; Neha Chachra; Damon McCoy; Chris Grier; David Y. Wang; Marti Motoyama; Kirill Levchenko; Stefan Savage; Geoffrey M. Voelker

No plan survives contact: Experience with cybercrime measurement

Chris Kanich, Neha Chachra, Damon McCoy, Chris Grier, David Y. Wang, Marti Motoyama, Kirill Levchenko, Stefan Savage, Geoffrey M. Voelker

Research output: Contribution to conference › Paper › peer-review

Abstract

An important mode of empirical security research involves analyzing the behavior, capabilities, and motives of adversaries. By definition, such measurements cannot be conducted in controlled settings and require “engagement” directly with adversaries, their infrastructure or their ecosystem. However, the operational complexities required to successfully carry out such measurements are significant and rarely documented; blacklisting, payment instruments, fraud controls and contact management all represent real challenges in such studies. In this paper, we document our experiences conducting such measurements over five years (covering a range of distinct studies) and distill effective operational practices for others who might conduct similar experiments in the future.

Original language	English (US)
State	Published - 2011
Event	4th Workshop on Cyber Security Experimentation and Test, CSET 2011 - San Francisco, United States Duration: Aug 8 2011 → …

Conference

Conference	4th Workshop on Cyber Security Experimentation and Test, CSET 2011
Country/Territory	United States
City	San Francisco
Period	8/8/11 → …

ASJC Scopus subject areas

Computer Networks and Communications
Safety, Risk, Reliability and Quality

Cite this

@conference{c4380e8296aa416bad805ff891569daf,

title = "No plan survives contact: Experience with cybercrime measurement",

abstract = "An important mode of empirical security research involves analyzing the behavior, capabilities, and motives of adversaries. By definition, such measurements cannot be conducted in controlled settings and require “engagement” directly with adversaries, their infrastructure or their ecosystem. However, the operational complexities required to successfully carry out such measurements are significant and rarely documented; blacklisting, payment instruments, fraud controls and contact management all represent real challenges in such studies. In this paper, we document our experiences conducting such measurements over five years (covering a range of distinct studies) and distill effective operational practices for others who might conduct similar experiments in the future.",

author = "Chris Kanich and Neha Chachra and Damon McCoy and Chris Grier and Wang, {David Y.} and Marti Motoyama and Kirill Levchenko and Stefan Savage and Voelker, {Geoffrey M.}",

year = "2011",

language = "English (US)",

}

TY - CONF

T1 - No plan survives contact

T2 - 4th Workshop on Cyber Security Experimentation and Test, CSET 2011

AU - Kanich, Chris

AU - Chachra, Neha

AU - McCoy, Damon

AU - Grier, Chris

AU - Wang, David Y.

AU - Motoyama, Marti

AU - Levchenko, Kirill

AU - Savage, Stefan

AU - Voelker, Geoffrey M.

PY - 2011

Y1 - 2011

N2 - An important mode of empirical security research involves analyzing the behavior, capabilities, and motives of adversaries. By definition, such measurements cannot be conducted in controlled settings and require “engagement” directly with adversaries, their infrastructure or their ecosystem. However, the operational complexities required to successfully carry out such measurements are significant and rarely documented; blacklisting, payment instruments, fraud controls and contact management all represent real challenges in such studies. In this paper, we document our experiences conducting such measurements over five years (covering a range of distinct studies) and distill effective operational practices for others who might conduct similar experiments in the future.

AB - An important mode of empirical security research involves analyzing the behavior, capabilities, and motives of adversaries. By definition, such measurements cannot be conducted in controlled settings and require “engagement” directly with adversaries, their infrastructure or their ecosystem. However, the operational complexities required to successfully carry out such measurements are significant and rarely documented; blacklisting, payment instruments, fraud controls and contact management all represent real challenges in such studies. In this paper, we document our experiences conducting such measurements over five years (covering a range of distinct studies) and distill effective operational practices for others who might conduct similar experiments in the future.

UR - http://www.scopus.com/inward/record.url?scp=85084163631&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85084163631&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:85084163631

Y2 - 8 August 2011

ER -

No plan survives contact: Experience with cybercrime measurement

Abstract

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this