An inquiry into the nature and causes of the wealth of internet miscreants
Proceedings of the 14th ACM conference on Computer and communications security
IEEE Security and Privacy
Spamalytics: an empirical analysis of spam marketing conversion
Proceedings of the 15th ACM conference on Computer and communications security
School of phish: a real-world evaluation of anti-phishing training
Proceedings of the 5th Symposium on Usable Privacy and Security
So long, and no thanks for the externalities: the rational rejection of security advice by users
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Survey and taxonomy of botnet research through life-cycle
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
Researchers have recently begun to study the economics of the markets for illicit digital goods to better understand how to invest resources in the most effective mitigations. This line of work in security economics can greatly benefit from data gathering methodologies used for the study of another underground economy, which has been analyzed for the better part of a century: the illicit drug trade. We describe "promises" and "puzzles" in the use of observational data for computer security research, that have been encountered previously in drug policy research, and highlight possible lessons we can learn from this different field. We then outline potential opportunities for security research to avoid pitfalls in data collection that drug policy studies have uncovered. Finally, we argue that failure to tackle problems with observational data runs the risk of creating incorrect "mythical numbers" that can have lasting effects on public policy surrounding computer security.