We estimate the extent of phishing activity on the Internet via capture-recapture analysis of two major phishing site reports. Capture-recapture analysis is a population estimation technique originally developed for wildlife conservation, but it is applicable in any environment in which multiple independent parties collect reports of an activity. Generating a meaningful population estimate for phishing activity requires addressing complex relationships between phishers and phishing reports. Phishers clandestinely occupy machines and add evasive measures to phishing URLs to evade firewalls and other fraud-detection measures. Phishing reports, meanwhile, may demonstrate a preference towards certain classes of phish. We address these problems by estimating population in terms of netblocks and by clustering phishing attempts together into scams, which are phishes that demonstrate similar behavior on multiple axes. We generate population estimates using data from two different phishing reports over an 80-day period, and show that these reports capture approximately 40% of scams and 80% of CIDR /24 (256 contiguous addresses) netblocks involved in phishing.
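The following is an added example, not code from the paper: a two-feed population estimate at /24 granularity, showing how overlap between two independent reports yields an estimate of the netblocks neither report saw. It assumes Chapman's bias-corrected Lincoln-Petersen estimator (the abstract does not say which capture-recapture model the authors used), and the addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample feeds: hosting IPs taken from two hypothetical phishing reports.
FEED_A = ["10.0.0.5", "10.0.0.77", "10.0.1.9", "10.0.2.14",
          "10.0.3.200", "10.0.4.1", "10.0.5.8"]
FEED_B = ["10.0.2.99", "10.0.3.3", "10.0.4.250", "10.0.5.60",
          "10.0.6.12", "10.0.7.7"]

def netblock24(ip):
    """Map an IPv4 address to its enclosing /24, so that several phish
    hosted in the same block count as a single captured individual."""
    return ipaddress.ip_network(f"{ip}/24", strict=False)

def chapman_estimate(n1, n2, m):
    """Chapman's form of Lincoln-Petersen: stays finite when the two
    samples share nothing (m == 0), where plain n1*n2/m would divide by zero."""
    return (n1 + 1) * (n2 + 1) / (m + 1) - 1

def chapman_variance(n1, n2, m):
    """Seber's variance estimate for the Chapman estimator."""
    return ((n1 + 1) * (n2 + 1) * (n1 - m) * (n2 - m)
            / ((m + 1) ** 2 * (m + 2)))

def estimate_netblocks(feed_a, feed_b):
    """Estimate the total number of /24 netblocks hosting phish.

    Assumes the feeds sample independently and every netblock is equally
    likely to be reported. A feed that prefers certain classes of phish
    violates this and skews the estimate.
    """
    a = {netblock24(ip) for ip in feed_a}
    b = {netblock24(ip) for ip in feed_b}
    m = len(a & b)            # netblocks "recaptured" by the second feed
    observed = len(a | b)     # netblocks seen by at least one feed
    n_hat = chapman_estimate(len(a), len(b), m)
    return {
        "n1": len(a), "n2": len(b), "recaptured": m,
        "observed": observed, "estimated": n_hat,
        "variance": chapman_variance(len(a), len(b), m),
        "coverage": observed / n_hat,  # share of estimated population seen
    }

if __name__ == "__main__":
    for key, value in estimate_netblocks(FEED_A, FEED_B).items():
        print(f"{key}: {value}")
```
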