Abstract
Spam and other electronic abuses have long been a focus of computer security research. However, recent work in the domain has emphasized an economic analysis of these operations in the hope of understanding and disrupting the profit model of attackers. Such studies do not lend themselves to passive measurement techniques. Instead, researchers have become middle-men or active participants in spam behaviors, methodologies that lie at an interesting juncture of legal, ethical, and human subject (e.g., IRB) guidelines.
In this work two such experiments serve as case studies: one testing a novel link spam model on Wikipedia and another using blackhat software to target blog comments and forums. Discussion concentrates on the experimental design process, especially as influenced by human-subject policy. Case studies are used to frame related work in the area, and scrutiny reveals that the computer science community requires greater consistency in evaluating research of this nature.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
West, A.G., Hayati, P., Potdar, V., Lee, I. (2012). Spamming for Science: Active Measurement in Web 2.0 Abuse Research. In: Blyth, J., Dietrich, S., Camp, L.J. (eds) Financial Cryptography and Data Security. FC 2012. Lecture Notes in Computer Science, vol 7398. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34638-5_9
DOI: https://doi.org/10.1007/978-3-642-34638-5_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34637-8
Online ISBN: 978-3-642-34638-5
eBook Packages: Computer Science, Computer Science (R0)