Spamming for Science: Active Measurement in Web 2.0 Abuse Research

  • Andrew G. West
  • Pedram Hayati
  • Vidyasagar Potdar
  • Insup Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7398)

Abstract

Spam and other electronic abuses have long been a focus of computer security research. However, recent work in the domain has emphasized an economic analysis of these operations in the hope of understanding and disrupting the profit model of attackers. Such studies do not lend themselves to passive measurement techniques. Instead, researchers have become middle-men or active participants in spam behaviors, methodologies that lie at an interesting juncture of legal, ethical, and human-subject (e.g., IRB) guidelines.

In this work two such experiments serve as case studies: one testing a novel link spam model on Wikipedia and another using blackhat software to target blog comments and forums. Discussion concentrates on the experimental design process, especially as influenced by human-subject policy. Case studies are used to frame related work in the area, and scrutiny reveals that the computer science community requires greater consistency in evaluating research of this nature.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Andrew G. West (1)
  • Pedram Hayati (2)
  • Vidyasagar Potdar (2)
  • Insup Lee (1)

  1. Department of Computer and Information Science, University of Pennsylvania, Philadelphia, USA
  2. Anti-Spam Research Lab, Curtin University, Australia
