TY - CONF
T1 - No plan survives contact
T2 - 4th Workshop on Cyber Security Experimentation and Test, CSET 2011
AU - Kanich, Chris
AU - Chachra, Neha
AU - McCoy, Damon
AU - Grier, Chris
AU - Wang, David Y.
AU - Motoyama, Marti
AU - Levchenko, Kirill
AU - Savage, Stefan
AU - Voelker, Geoffrey M.
N1 - Funding Information:
We would like to thank the anonymous reviewers and Steve Schwab, our shepherd, for their helpful feedback and comments. In the various projects supported and enabled by the efforts described in this paper, many individuals and organizations aided our work over the years and we wish to gratefully acknowledge their contributions, support, and feedback. In particular, we would like to thank Chris Fleizach and David Anderson who, early on, were willing to chip away at understanding the spam business model. This work was supported in part by National Science Foundation grants NSF-0433668, NSF-0831138 and CNS-0905631, by the Office of Naval Research MURI grant N000140911081, and by generous research, operational and/or in-kind support from Google, Microsoft, Yahoo, Cisco, HP and the UCSD Center for Networked Systems (CNS). McCoy was supported by a CCC-CRA-NSF Computing Innovation Fellowship.
PY - 2011
Y1 - 2011
N2 - An important mode of empirical security research involves analyzing the behavior, capabilities, and motives of adversaries. By definition, such measurements cannot be conducted in controlled settings and require “engagement” directly with adversaries, their infrastructure or their ecosystem. However, the operational complexities required to successfully carry out such measurements are significant and rarely documented; blacklisting, payment instruments, fraud controls and contact management all represent real challenges in such studies. In this paper, we document our experiences conducting such measurements over five years (covering a range of distinct studies) and distill effective operational practices for others who might conduct similar experiments in the future.
UR - http://www.scopus.com/inward/record.url?scp=85084163631&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85084163631&partnerID=8YFLogxK
M3 - Paper
AN - SCOPUS:85084163631
Y2 - 8 August 2011
ER -