Abuse reporting and the fight against cybercrime

Mohammad Hanif Jhaveri; Feyzullah Cetin; Carlos Gañán; Tyler Moore; Michel Van Eeten

doi:10.1145/3003147

Abuse reporting and the fight against cybercrime

Mohammad Hanif Jhaveri, Feyzullah Cetin, Carlos Gañán, Tyler Moore, Michel Van Eeten

Organisation & Governance

Research output: Contribution to journal › Article › Scientific › peer-review

25 Citations (Scopus)

Abstract

Cybercriminal activity has exploded in the past decade, with diverse threats ranging from phishing attacks to botnets and drive-by-downloads afflicting millions of computers worldwide. In response, a volunteer defense has emerged, led by security companies, infrastructure operators, and vigilantes. This reactionary force does not concern itself with making proactive upgrades to the cyber infrastructure. Instead, it operates on the front lines by remediating infections as they appear. We construct a model of the abuse reporting infrastructure in order to explain how voluntary action against cybercrime functions today, in hopes of improving our understanding of what works and how to make remediation more effective in the future. We examine the incentives to participate among data contributors, affected resource owners, and intermediaries. Finally, we present a series of key attributes that differ among voluntary actions to investigate further through experimentation, pointing toward a research agenda that could establish causality between interventions and outcomes.

Original language	English
Article number	68
Pages (from-to)	1-27
Number of pages	27
Journal	ACM Computing Surveys (CSUR)
Volume	49
Issue number	4
DOIs	https://doi.org/10.1145/3003147
Publication status	Published - 2017

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1145/3003147

Cybersecurity (TPM)
van Eeten, M. J. G., Hernandez Ganan, C., Gürses, F. S., van Wegberg, R. S., Parkin, S. E., Zhauniarovich, Y., van Engelenburg, S. H., Kadenko, N. I., Labunets, K., Akyazi, U., Bouwman, X. B., Jansen, B. A., Kaur, M., Al Alsadi, A., Lone, Q. B., Turcios Rodriguez, E. R., Vermeer, M., van Harten, V. T. C., Vetrivel, S., Oomens, E. (. C. )., Kustosch, L. F., Bisogni, F., Ciere, M., Fiebig, T., Korczynski, M. T., Moreira Moura, G. C., Noroozian, A., Pieters, W., Tajalizadehkhoob, S., Dacier, B. H. A., San José Sanchez, J., Çetin, F. O. & Zannettou, S.
1/01/10 → …
Project: Research

Cite this

@article{cb43e132ae5946348949a5fea78a4631,

title = "Abuse reporting and the fight against cybercrime",

abstract = "Cybercriminal activity has exploded in the past decade, with diverse threats ranging from phishing attacks to botnets and drive-by-downloads afflicting millions of computers worldwide. In response, a volunteer defense has emerged, led by security companies, infrastructure operators, and vigilantes. This reactionary force does not concern itself with making proactive upgrades to the cyber infrastructure. Instead, it operates on the front lines by remediating infections as they appear. We construct a model of the abuse reporting infrastructure in order to explain how voluntary action against cybercrime functions today, in hopes of improving our understanding of what works and how to make remediation more effective in the future. We examine the incentives to participate among data contributors, affected resource owners, and intermediaries. Finally, we present a series of key attributes that differ among voluntary actions to investigate further through experimentation, pointing toward a research agenda that could establish causality between interventions and outcomes.",

author = "Jhaveri, {Mohammad Hanif} and Feyzullah Cetin and Carlos Ga{\~n}{\'a}n and Tyler Moore and Eeten, {Michel Van}",

year = "2017",

doi = "10.1145/3003147",

language = "English",

volume = "49",

pages = "1--27",

journal = "ACM Computing Surveys (CSUR)",

publisher = "Association for Computing Machinery (ACM)",

number = "4",

}

TY - JOUR

T1 - Abuse reporting and the fight against cybercrime

AU - Jhaveri, Mohammad Hanif

AU - Cetin, Feyzullah

AU - Gañán, Carlos

AU - Moore, Tyler

AU - Eeten, Michel Van

PY - 2017

Y1 - 2017

N2 - Cybercriminal activity has exploded in the past decade, with diverse threats ranging from phishing attacks to botnets and drive-by-downloads afflicting millions of computers worldwide. In response, a volunteer defense has emerged, led by security companies, infrastructure operators, and vigilantes. This reactionary force does not concern itself with making proactive upgrades to the cyber infrastructure. Instead, it operates on the front lines by remediating infections as they appear. We construct a model of the abuse reporting infrastructure in order to explain how voluntary action against cybercrime functions today, in hopes of improving our understanding of what works and how to make remediation more effective in the future. We examine the incentives to participate among data contributors, affected resource owners, and intermediaries. Finally, we present a series of key attributes that differ among voluntary actions to investigate further through experimentation, pointing toward a research agenda that could establish causality between interventions and outcomes.

AB - Cybercriminal activity has exploded in the past decade, with diverse threats ranging from phishing attacks to botnets and drive-by-downloads afflicting millions of computers worldwide. In response, a volunteer defense has emerged, led by security companies, infrastructure operators, and vigilantes. This reactionary force does not concern itself with making proactive upgrades to the cyber infrastructure. Instead, it operates on the front lines by remediating infections as they appear. We construct a model of the abuse reporting infrastructure in order to explain how voluntary action against cybercrime functions today, in hopes of improving our understanding of what works and how to make remediation more effective in the future. We examine the incentives to participate among data contributors, affected resource owners, and intermediaries. Finally, we present a series of key attributes that differ among voluntary actions to investigate further through experimentation, pointing toward a research agenda that could establish causality between interventions and outcomes.

U2 - 10.1145/3003147

DO - 10.1145/3003147

M3 - Article

VL - 49

SP - 1

EP - 27

JO - ACM Computing Surveys (CSUR)

JF - ACM Computing Surveys (CSUR)

IS - 4

M1 - 68

ER -

Abuse reporting and the fight against cybercrime

Abstract

UN SDGs

Access to Document

Fingerprint

Projects

Cybersecurity (TPM)

Cite this