measuring the impact of sharing abuse data with web
play

Measuring the Impact of Sharing Abuse Data with Web Hosting - PowerPoint PPT Presentation

Mar 20, 2023 •108 likes •397 views

Measuring the Impact of Sharing Abuse Data with Web Hosting Providers Marie Vasek , Matthew Weeden, and Tyler Moore University of Tulsa WISCS 24 October 2016 1 of 27 StopBadware Founded in 2006 by Harvards Berkman Klein Center for

  1. Measuring the Impact of Sharing Abuse Data with Web Hosting Providers Marie Vasek , Matthew Weeden, and Tyler Moore University of Tulsa WISCS 24 October 2016 1 of 27

  3. StopBadware • Founded in 2006 by Harvard’s Berkman Klein Center for Internet and Society • Now housed at the University of Tulsa • Provides independent reviews of websites appearing on 3 malware blacklists 3 of 27

  4. Review Requests for Individual URLs 4 of 27

  5. Review Requests for Bulk URLs 5 of 27

  6. Research Questions Does sending bulk reports help? • Short term: ◦ Do reported URLs get cleaned up? ◦ Which URLs are more likely to get cleaned up? • Long term: ◦ Do ASes get better at cleaning URLs after receiving bulk reports? 6 of 27

  7. Overview • Brief overview of study • Define metrics • Direct impact of sharing abuse data • Indirect impact of sharing abuse data • Conclusions 7 of 27

  8. Bulk Requests over Time 5000 # URLs shared 500 50 5 1 2010 2011 2012 2013 2014 2015 Date shared 8 of 27

  9. Summary Statistics • Google Safebrowsing Data used exclusively • 6 year time frame (2010 - 2015) • 69 stakeholders requested reports • 41 web hosting providers in our study ◦ Responsible for entire AS ◦ Sent Google Safebrowsing Data ◦ Had at least a month of data before/after • 28 548 URLs reported 9 of 27

  10. Malware Cleanup Metrics • Clean ◦ Off the blacklist ◦ Stays off for 3 weeks • Recompromise ◦ A previously blacklisted URL is clean and then is reblacklisted 10 of 27

  11. Measuring Direct and Indirect Impact of Reporting • Direct Impact ◦ Are the URLs we shared cleaned up? • Indirect Impact ◦ Are networks “better” after receiving a bulk review from StopBadware? • Do they clean malware URLs faster? • Do they clean malware URLs more effectively? 11 of 27

  12. Measurement Timeline blacklist to clean blacklist to report report to clean blacklisted reported clean 12 of 27

  13. Cleanup of URLs Shared with ASes URLS shared with ASes 1.0 Pr(report to clean days >= X) 0.8 0.6 0.4 0.2 0.0 1 5 50 500 Report to Clean (days) 13 of 27

  14. Measurement Timeline blacklist to clean blacklist to report report to clean blacklisted reported clean 14 of 27

  15. Long Lived Malware Takes Longer to Clean Median Report to Clean (Days) [Bar] Blacklist to Report (Days) [Line] 1000 500 ● 800 400 ● 300 600 ● 400 200 ● 100 200 ● ● ● ● ● 0 0 ● 0− 10− 20− 30− 40− 50− 60− 70− 80− 90− 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Decile for Blacklist to Report (Days) 15 of 27

  16. Pre- vs. Post-Contact Cleanup Survival probability before and after contact 1.0 pre−contact Pr(blacklist to clean days >=X) post−contact 0.8 0.6 0.4 0.2 0.0 1 2 5 10 50 200 Blacklist to Clean (days) 16 of 27

  17. Pre- vs. Post-Contact Cleanup: Improved AS 17 of 27

  18. Pre- vs. Post-Contact Cleanup: Worsened AS 18 of 27

  19. Pre- vs. Post-Contact Cleanup: Unclear effect AS 19 of 27

  20. Change in Metrics Pre- and Post- Sharing # ∆ days to clean ∆ recomp. rate Improved 13 58 0.010 Worsened 3 -176 0.085 Unclear 17 13 0.008 20 of 27

  21. Comparing Change in Metrics by AS Median recompromise rate pre−sharing − post−sharing 0.15 ● 0.10 ● 0.05 ● 0.00 ● −0.05 ● ● Top Quartile Report to Clean 2nd Quartile Report to Clean −0.10 3rd Quartile Report to Clean Bottom Quartile Report to Clean ● −300 −200 −100 0 100 Median blacklist to clean pre−sharing − post−sharing 21 of 27

  22. Matched Pair Analysis • What would happen if StopBadware had not sent out reviews? • Matched pairs between reported-to ASes and similar ASes • Similar? ◦ Same country ◦ Similar level of badness • Key Assumption: All else equal, ASes would exhibit similar patterns 22 of 27

  23. Measurement Timeline blacklist to clean blacklist to report report to clean blacklisted reported clean 23 of 27

  24. Matched Pair: Cleanup of URLs Shared with ASes URLS shared with ASes 1.0 reported ASes matched pairs Pr(report to clean days >= X) 0.8 0.6 0.4 0.2 0.0 1 5 50 500 Report to Clean (days) 24 of 27

  25. Matched Pair: Pre- vs. Post-Contact Cleanup Survival probability before and after contact 1.0 pre−contact Pr(blacklist to clean days >=X) post−contact pre−contact (mp) 0.8 post−contact (mp) 0.6 0.4 0.2 0.0 1 2 5 10 50 200 Blacklist to Clean (days) 25 of 27

  26. Responsive ASes Improve Long Term after Report Median recompromise rate pre−sharing − post−sharing 0.15 ● 0.10 ● 0.05 ● 0.00 ● −0.05 ● ● Top Quartile Report to Clean 2nd Quartile Report to Clean −0.10 3rd Quartile Report to Clean Bottom Quartile Report to Clean ● −300 −200 −100 0 100 Median blacklist to clean pre−sharing − post−sharing 26 of 27

  27. Conclusions • Directly sharing URLs helps clean up those URLs ◦ Consistent with prior work on individual reports ◦ This work finds it to be true for bulk reporting • No evidence for long term change overall ◦ Improvements on individual providers • Long lived malware a scourge ◦ Lots of efforts concentrating on newly infected websites ◦ Lurking infections continue to harm, perhaps compounding ◦ Current efforts not sufficient for stopping this “immortal” malware 27 of 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data Science ZHAW School of Engineering, Winterthur 21 March 2014 Andr Golliez Managing Partner itopia ag President Opendata.ch, Swiss Chapter of the

656 views • 30 slides
Measuring the economic impact of Covid-19 in the UK with business website data Juan

Measuring the economic impact of Covid-19 in the UK with business website data Juan

Measuring the economic impact of Covid-19 in the UK with business website data Juan Mateos-Garcia Starting at 11.30AM ESCoE COVID-19 ECONOMIC MEASUREMENT WEBINARS Measuring the Economic Impact of Covid-19 with business website data Alex

408 views • 40 slides
The Role of Case Studies in Effective Data Sharing, Reuse and Impact Rebecca Parsons and Scott

The Role of Case Studies in Effective Data Sharing, Reuse and Impact Rebecca Parsons and Scott

The Role of Case Studies in Effective Data Sharing, Reuse and Impact Rebecca Parsons and Scott Summers UK Data Service, UK Data Archive IASSIST 2016 Embracing the Data Revolution: Opportunities and Challenges for Research 2 nd June

572 views • 15 slides
Workshop 1. . Measuring impact on end learners Purpose of f this workshop To explore

Workshop 1. . Measuring impact on end learners Purpose of f this workshop To explore

Workshop 1. . Measuring impact on end learners Purpose of f this workshop To explore different ways of measuring impact on end learners To share tools and whats worked To be honest about some of the challenges Measuring Im

214 views • 5 slides
EMA Workshop : measuring the impact of pharmacovigilance activities ASTRO-LAB & SNIIRAM:

EMA Workshop : measuring the impact of pharmacovigilance activities ASTRO-LAB & SNIIRAM:

EMA Workshop : measuring the impact of pharmacovigilance activities ASTRO-LAB & SNIIRAM: CONSISTENT FIELD & CLAIMS STUDIES The risks of asthma therapy as assessed from real-life data : a complex story Eric VAN GANSE, December

1.35k views • 8 slides
Measuring What Matters Quality, Impact and Measuring Social Value Philip Angier, Angier Griffin

Measuring What Matters Quality, Impact and Measuring Social Value Philip Angier, Angier Griffin

Measuring What Matters Quality, Impact and Measuring Social Value Philip Angier, Angier Griffin Measuring what matters Introductions: Name Organisation Where youre from first part of postcode Size approx annual

583 views • 27 slides
Impact assessment of the EIB support to SMEs Workshop on measuring impact and additionality 30

Impact assessment of the EIB support to SMEs Workshop on measuring impact and additionality 30

Impact assessment of the EIB support to SMEs Workshop on measuring impact and additionality 30 June 2020 (online) Alessandro Barbera, ron Gereben, Marcin Wolski European Investment Bank Group 1 Context I Balance-sheet perspective of a C19

385 views • 19 slides
EMA Workshop on measuring the impact of pharmacovigilance activities December 5-6, 2016 Session

EMA Workshop on measuring the impact of pharmacovigilance activities December 5-6, 2016 Session

EMA Workshop on measuring the impact of pharmacovigilance activities December 5-6, 2016 Session 2 Health Canadas Approach to Measuring Impact of Pharmacovigilance and Regulatory Decisions Dr. John Patrick Stewart, MD, CCFP(EM) Marketed

175 views • 15 slides
Workshop: measuring the impact of pharmacovigilance activities 5-6 December 2016 European

Workshop: measuring the impact of pharmacovigilance activities 5-6 December 2016 European

Workshop: measuring the impact of pharmacovigilance activities 5-6 December 2016 European Medicines Agency, London, United Kingdom Challenges of measuring the impact of pharmacovigilance processes Judith Sanabria, M.D. Clinical

221 views • 10 slides
What can researchers contribute to measuring impact? Agnes Kant, Epidemiologist Director Lareb

What can researchers contribute to measuring impact? Agnes Kant, Epidemiologist Director Lareb

What can researchers contribute to measuring impact? Agnes Kant, Epidemiologist Director Lareb Special Interest Group Measuring impact of pharmacovigilance activities Objective SIG Develop methods for modeling health outcomes of

639 views • 15 slides
IR IRIS IS+ | The generally accepted system for measuring, managing and optimizing impact Key

IR IRIS IS+ | The generally accepted system for measuring, managing and optimizing impact Key

IR IRIS IS+ | The generally accepted system for measuring, managing and optimizing impact Key features of IRIS+ include: Core Metrics Sets to increase data clarity and comparability Streamlined evidence base, research, practical how-to

177 views • 4 slides
ResearchersNight MEASURING IMPACT: WHICH INDICATORS AND INSTRUMENTS TO USE Establishing

ResearchersNight MEASURING IMPACT: WHICH INDICATORS AND INSTRUMENTS TO USE Establishing

Esmay Walker: Research and Impact Officer, University of Huddersfield European ResearchersNight MEASURING IMPACT: WHICH INDICATORS AND INSTRUMENTS TO USE Establishing Impact Indicators Why? Demonstrate real-world value of research

269 views • 10 slides
1. The potential of data sharing 2. An ideal professed but not practiced * 1. Researchers 2.

1. The potential of data sharing 2. An ideal professed but not practiced * 1. Researchers 2.

Perspectives on Academic Data Sharing Benedikt Fecher, German Institute for Economic Research Berlin, 19th April 2016 8,65 Data Sharing in Academia Agenda 1. The potential of data sharing 2. An ideal professed but not practiced * 1. Researchers

329 views • 22 slides
Measuring Happiness the Big Data Way Measuring emotional content Clinical and Translational

Measuring Happiness the Big Data Way Measuring emotional content Clinical and Translational

Happiness Some motivation Measuring Happiness the Big Data Way Measuring emotional content Clinical and Translational Research Seminar, UVM Data sets Analysis Songs Peter Dodds, Chris Danforth, Blogs SOTU Isabel Kloumann, Cathy Bliss,

886 views • 62 slides
EOTSS: Data Sharing and Services July 18 , 2019 Agenda Data Sharing Framework Overview

EOTSS: Data Sharing and Services July 18 , 2019 Agenda Data Sharing Framework Overview

EOTSS: Data Sharing and Services July 18 , 2019 Agenda Data Sharing Framework Overview of EOTSS's Data Services Key Products: Data Prep / Secure Storage Data Analytics Data Visualization Data Sharing Data

575 views • 20 slides
Measuring the Impact of Microcredit with Counterfactual Impact Evaluations Beatrice dHombres,

Measuring the Impact of Microcredit with Counterfactual Impact Evaluations Beatrice dHombres,

The European Commissions science and knowledge service Joint Research Centre Measuring the Impact of Microcredit with Counterfactual Impact Evaluations Beatrice dHombres, Timothee Demont Leandro Elia, Corinna Ghirelli Joint Research

737 views • 51 slides
WEL WELCOME COME! 2019 9 2020 2020 Sch chool l Yea ear WHAT IS THE PTSA & WHAT DO

WEL WELCOME COME! 2019 9 2020 2020 Sch chool l Yea ear WHAT IS THE PTSA & WHAT DO

WEL WELCOME COME! 2019 9 2020 2020 Sch chool l Yea ear WHAT IS THE PTSA & WHAT DO WE DO The PTSA is a non-profit, volunteer organization of parents, teachers and students. The PTSA main role is to build strong working

402 views • 7 slides
Hi! Im Fiona. Things that I do: Teach Vectorworks and SketchUp Tutor at London College

Hi! Im Fiona. Things that I do: Teach Vectorworks and SketchUp Tutor at London College

Hi! Im Fiona. Things that I do: Teach Vectorworks and SketchUp Tutor at London College of Garden Design Freelance for other designers Project management Draw great plans and details Create dreamy visuals

460 views • 29 slides
THE XMM-NEWTON SPECTRAL DATABASE I. GEORGANTOPOULOS A. CORRAL NATIONAL OBSERVATORY OF ATHENS

THE XMM-NEWTON SPECTRAL DATABASE I. GEORGANTOPOULOS A. CORRAL NATIONAL OBSERVATORY OF ATHENS

THE XMM-NEWTON SPECTRAL DATABASE I. GEORGANTOPOULOS A. CORRAL NATIONAL OBSERVATORY OF ATHENS OUTLINE OF THE TALK Introduce ourselves X-ray Astronomy ESAs XMM mission The largest catalogue of X-ray sources ever (3XMM)

323 views • 15 slides
Black stars induced by matter on a brane: exact solutions Maxim Kurkov in collaboration with

Black stars induced by matter on a brane: exact solutions Maxim Kurkov in collaboration with

Black stars induced by matter on a brane: exact solutions Maxim Kurkov in collaboration with Prof. A.A. Andrianov based on: arXiv:1008.2705 V.A.Fock Department of Theoretical Physics Saint-Petersburg State University International Workshop

437 views • 14 slides
Using BGP for realtime import and export of OpenBSD spamd entries Peter Hessler

Using BGP for realtime import and export of OpenBSD spamd entries Peter Hessler

Using BGP for realtime import and export of OpenBSD spamd entries Peter Hessler phessler@openbsd.org OpenBSD 17 March, 2013 1 / 27 what is this spamd uses IP host entries, to whitelist, blacklist or greylist hosts spamd can import and

412 views • 27 slides
Name Detection System By Auke Zwaan DNS DNS DNS Give me google. gle.nl nl DNS Give me

Name Detection System By Auke Zwaan DNS DNS DNS Give me google. gle.nl nl DNS Give me

Malicious Domain Name Detection System By Auke Zwaan DNS DNS DNS Give me google. gle.nl nl DNS Give me google. gle.nl nl Okay. 64.233. 4.233.166.9 66.94 Research Question Is it possible to detect ma malic iciou ious do domain

455 views • 45 slides
Manipulation of Stable Matchings the Depths Summary using Minimal Blacklists Yannai A.

Manipulation of Stable Matchings the Depths Summary using Minimal Blacklists Yannai A.

Background A Poll Results Overview A Peek Into Manipulation of Stable Matchings the Depths Summary using Minimal Blacklists Yannai A. Gonczarowski The Hebrew University of Jerusalem Microsoft Research July 29, 2014 Proc. of the 15 th ACM

1.42k views • 129 slides
Facial Recognition Soren Frederiksen VP of Innovation Lab 2019 Ensuring safer tomorrows 1

Facial Recognition Soren Frederiksen VP of Innovation Lab 2019 Ensuring safer tomorrows 1

Facial Recognition Soren Frederiksen VP of Innovation Lab 2019 Ensuring safer tomorrows 1 Who am I Soren Frederiksen VP of Innovation Lab Electrical Engineer from Denmark 30 year developing software Neural Networks

316 views • 21 slides

More recommend