Spamming for science: active measurement in web 2.0 abuse research

Authors:
Andrew G. West;Pedram Hayati;Vidyasagar Potdar;Insup Lee
Affiliations:
Department of Computer and Information Science, University of Pennsylvania, Philadelphia;Anti-Spam Research Lab, Curtin University, Australia;Anti-Spam Research Lab, Curtin University, Australia;Department of Computer and Information Science, University of Pennsylvania, Philadelphia
Venue:
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Year:
2012

Citing 18
Cited 0

Research ethics in Internet-enabled research: Human subjects issues and methodological myopia

Ethics and Information Technology
Social phishing

Communications of the ACM
What ought a program committee to do?

WOWCS'08 Proceedings of the conference on Organizing Workshops, Conferences, and Symposia for Computer Systems
Conducting cybersecurity research legally and ethically

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Spamalytics: an empirical analysis of spam marketing conversion

Proceedings of the 15th ACM conference on Computer and communications security
Internet research ethics and the institutional review board: current practices and issues

ACM SIGCAS Computers and Society
Institutional review boards and your research

Communications of the ACM
Ethics in Security Vulnerability Research

IEEE Security and Privacy
Proliferation and Detection of Blog Spam

IEEE Security and Privacy
Re: CAPTCHAs: understanding CAPTCHA-solving services in an economic context

USENIX Security'10 Proceedings of the 19th USENIX conference on Security
The nuts and bolts of a forum spam automator

LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Click Trajectories: End-to-End Analysis of the Spam Value Chain

SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
No plan survives contact: experience with cybercrime measurement

CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Show me the money: characterizing spam-advertised revenue

SEC'11 Proceedings of the 20th USENIX conference on Security
Link spamming Wikipedia for profit

Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
What Wikipedia deletes: characterizing dangerous collaborative content

Proceedings of the 7th International Symposium on Wikis and Open Collaboration
Autonomous link spam detection in purely collaborative environments

Proceedings of the 7th International Symposium on Wikis and Open Collaboration
Building an Active Computer Security Ethics Community

IEEE Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Spam and other electronic abuses have long been a focus of computer security research. However, recent work in the domain has emphasized an economic analysis of these operations in the hope of understanding and disrupting the profit model of attackers. Such studies do not lend themselves to passive measurement techniques. Instead, researchers have become middle-men or active participants in spam behaviors; methodologies that lie at an interesting juncture of legal, ethical, and human subject (e.g., IRB) guidelines. In this work two such experiments serve as case studies: One testing a novel link spam model on Wikipedia and another using blackhat software to target blog comments and forums. Discussion concentrates on the experimental design process, especially as influenced by human-subject policy. Case studies are used to frame related work in the area, and scrutiny reveals the computer science community requires greater consistency in evaluating research of this nature.