Abstract
An important mode of empirical security research involves analyzing the behavior, capabilities, and motives of adversaries. By definition, such measurements cannot be conducted in controlled settings and require “engagement” directly with adversaries, their infrastructure or their ecosystem. However, the operational complexities required to successfully carry out such measurements are significant and rarely documented; blacklisting, payment instruments, fraud controls and contact management all represent real challenges in such studies. In this paper, we document our experiences conducting such measurements over five years (covering a range of distinct studies) and distill effective operational practices for others who might conduct similar experiments in the future.
Original language | English (US) |
---|---|
State | Published - 2011 |
Event | 4th Workshop on Cyber Security Experimentation and Test, CSET 2011 - San Francisco, United States; Duration: Aug 8 2011 → … |
Conference
Conference | 4th Workshop on Cyber Security Experimentation and Test, CSET 2011 |
---|---|
Country/Territory | United States |
City | San Francisco |
Period | 8/8/11 → … |
ASJC Scopus subject areas
- Computer Networks and Communications
- Safety, Risk, Reliability and Quality