We examine the structure and outcomes of user participation in PhishTank, a phishing-report collator. Anyone who wishes may submit URLs of suspected phishing websites, and may vote on the accuracy of other submissions. We find that PhishTank is dominated by its most active users and that participation follows a power-law distribution, which makes it particularly susceptible to manipulation. We compare PhishTank with a proprietary source of reports, finding PhishTank to be slightly less complete and significantly slower in reaching decisions. We also evaluate the accuracy of PhishTank's decisions and discuss cases where incorrect information has propagated. We find that users who participate less often are far more likely to make mistakes, and furthermore that users who commit many errors tend to have voted on the same URLs. Finally, we explain how the structure of participation in PhishTank leaves it susceptible to large-scale voting fraud, which could undermine its credibility. We also discuss general lessons for leveraging the 'wisdom of crowds' in taking security decisions by mass participation.