Schedule
Wednesday 4-5pm, in the CTL.
Description
Recent years have witnessed a dramatic change in the goals and modes of operation of malicious hackers. As hackers realized the potential monetary gains associated with Internet fraud, there has been a shift from "hacking for fun" to "hacking for profit." This shift has been leveraged and supported by more traditional crime organizations, which eventually realized the potential of the Internet for their endeavors.
The integration of sophisticated computer attacks with well-established fraud mechanisms devised by organized crime has resulted in an underground economy that trades compromised hosts, personal information, and services in a way similar to other legitimate economies. This expanding underground economy makes it possible to significantly increase the scale of the frauds carried out on the Internet and allows criminals to reach millions of potential victims.
This goal of this seminar is to gain a deeper understanding of the mechanisms and structure of the Internet underground economy. The participants will read, present, an discuss a number of papers that describes the different facets of this complex underworld. In addition, the participants will scout for additional sources of information on the Internet and contribute to a shared Wiki on this topic.
Schedule
| Date | Papers | Presenter(s) | Presentation |
| Apr 2 | Introduction | Chris Kruegel and Giovanni Vigna | |
| Apr 9 | The underground economy: priceless, Team Cymru, ;login:, 31(6), Nov 2006. | Chris Bunch | Slides |
| An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants, J. Franklin et al., Proceedings of ACM CCS, October 2007. | Billy Lee | Slides | |
| Apr 16 | No Class | ||
| Apr 23 | Studying Malicious Web sites and the Underground Economy on the Chinese Web, J. Zhuge et al., Reihe Informatik, TR-2007-011, 2007. | Skand Gupta | |
| Know Your Enemy: Malicious Web Servers, The Honeynet Project, August 2007. | Adam Doupè | ||
| Apr 30 | RBN "Rizing", Shadowserver Foundation, February 2008. | Christo Wilson | |
| Protecting Browsers from DNS Rebinding Attacks, C. Jackson et al., Proceedings of ACM CCS, November 2007. | David Sigal | ||
| May 7 | The economy of phishing: A survey of the operations on the phishing market, C. Abad, July 2005. | Scott Bonebrake | |
| Know your Enemy: Phishing -- Behind the Scenes of Phishing Attacks, The Honeynet Project, May 2005. | Camilla Fiorese | ||
| May 14 | Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority, D. Dagon et al, Proceedings of NDSS, February 2008. | Alan Savage | |
| RBN AS RBusiness Network, Clarifying the Guesswork of Criminal Activity, Shadowserver Foundation, January 2008. | Brett Stone-Gross | ||
| May 21 | Spamscatter: Characterizing Internet Scam Hosting Infrastructure, Proceedings of USENIX Security, August 2007 | Marcus Jang | |
| ScamSlam: An Architecture for Learning the Criminal Relations Behind Scam Spam, E. Airoldi et al., CMU-ISRI-04-121, May 2004. | Bryce Boe | ||
| May 28 | Measuring and Detecting Fast-Flux Service Networks, T. Holz, Proceedings of NDSS, 2008. | Manish Goyal | |
| Fluxor: Detecting and Monitoring Fast-Flux Service Networks, E. Passerini et al., DIMVA 2008. | Greg Banks | ||
| Jun 4 | On the SPAM Campaign Trail, C. Kriebich et al., Proceedings of LEET, 2008. | Aleksandra Popova | |
| Understanding the Network-Level Behavior of Spammers, A. Bavier et al., Proceedings of SIGCOMM, 2006. | Andreas Stamminger | ||