Click Trajectories: End to End Analysis of the Spam Value Chain

Slides:



Advertisements
Similar presentations
Click Trajectories: End-to-End Analysis of the Spam Value Chain Author : Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, M’ark F’elegyh’azi,
Advertisements

Back to Table of Contents
Principles of Information Systems, Sixth Edition The Internet, Intranets, and Extranets Chapter 7.
Software programs that enable you to view world wide web documents. Internet Explorer and Firefox are examples. Browser.
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 The Internet, Intranets, and Extranets Chapter 7.
Electronic Commerce Systems
Spamscatter 1 Aug. 9 th, 2007Usenix Security 2007 Spamscatter: David S. Anderson, Chris Fleizach, Stefan Savage, and Geoffrey M. Voelker University of.
“If you build it, they will come.”. Virtual Business  There is much more that goes into a virtual business than just building the web site.  You will.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Online Business Optimization Suite. All About DeskGod.com DeskGod is provider of Next-generation online- business optimization software. DeskGod’s software,
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
By: Mr Hashem Alaidaros MKT 445 Lecture 3 Title: Affiliate Marketing.
1 Content Distribution Networks. 2 Replication Issues Request distribution: how to transparently distribute requests for content among replication servers.
WEB ANALYTICS Prof Sunil Wattal. Business questions How are people finding your website? What pages are the customers most interested in? Is your website.
Prof. Vishnuprasad Nagadevara Indian Institute of Management Bangalore
E-Commerce: Fundamentals of Building Web-Based Businesses Timothy Lee UALR Arkansas SBTDC.
Chapter 16 The World Wide Web Chapter Goals ( ) Compare and contrast the Internet and the World Wide Web Describe general Web processing.
Chapter 16 The World Wide Web. 2 The Web An infrastructure of information combined and the network software used to access it Web page A document that.
14 Publishing a Web Site Section 14.1 Identify the technical needs of a Web server Evaluate Web hosts Compare and contrast internal and external Web hosting.
Invitation to Computer Science 5th Edition
XHTML Introductory1 Linking and Publishing Basic Web Pages Chapter 3.
Economics of Malware: Spam Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the last.
Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 9/19/2015Slide 1 (of 32)
Click Trajectories: End-to-End Analysis of the spam value chain Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Tristan Halvorson,
Virtual Business CREATING A WEB PRESENCE Copyright © Texas Education Agency, All rights reserved.
2010/6/7 Spamalytics An Empirical Analysis of Spam Marketing Conversion Author: Chris Kanich Christian Kreibich Kirill Levchenko Brandon Enright Geoffrey.
Web Analytics Unit 4-1(2005 Fall) Managing the Digital Enterprise By Professor Michael Rappa.
Cloak and Dagger: Dynamics of Web Search Cloaking David Y. Wang, Stefan Savage, and Geoffrey M. Voelker University of California, San Diego 左昌國 Seminar.
COMP3121 E-Commerce Technologies Richard Henson University of Worcester November 2011.
Understanding Technology Crime Investigation for Managers.
Canadian Advertising in Action, 6th ed. Keith J. Tuckwell ©2003 Pearson Education Canada Inc Elements of the Internet World Wide Web World.
Client/User Analysis Website Design. 2 Questions to be answered: What is the purpose of the site? What is the purpose of the site? Who is the site for?
Lecture 3 Strategic E-Marketing Instructor: Hanniya Abid
Spamscatter: Characterizing Internet Scam Hosting Infrastructure By D. Anderson, C. Fleizach, S. Savage, and G. Voelker Presented by Mishari Almishari.
By Gianluca Stringhini, Christopher Kruegel and Giovanni Vigna Presented By Awrad Mohammed Ali 1.
Detecting Phishing in s Srikanth Palla Ram Dantu University of North Texas, Denton.
Reporter : 鄭志欣 Advisor: Hsing-Kuo Pao Botnet Judo: Fighting Spam with Itself.
WEB SERVER SOFTWARE FEATURE SETS
Blogging. Website and blog A website, also written as web site,or simply site, is a set of related web pages typically served from a single web domain.
IS Infrastructure Managing Infrastructure and Services Copyright © 2016 Curt Hill.
 1- Definition  2- CRM  3- Analytics  4- Tools.
E-Marketing Strategic E-Marketing and Performance Metrics 2-1.
Spamalytics: An Empirical Analysis of Spam Marketing Conversion
DARE: Domain analysis and reuse environment Minwoo Hong William Frakes, Ruben Prieto-Diaz and Christopher Fox Annals of Software Engineering,
E-Business Infrastructure PRESENTED BY IKA NOVITA DEWI, MCS.
Dec 14, 2014, Harvard University
Dealer Partner Program
4.01 How Web Pages Work.
Web Development & Design Foundations with HTML5 7th Edition
Automated ad placement
SETTING UP OF E-COMMERCE WEBSITE
Web Development Web Servers.
Creating a Winning E-Business Second Edition
Latest Updates on BlackHawk Mines Music : Privacy Policy
Distribution and components
Accounting Information Systems 9th Edition
Digital marketing refers to advertising delivered through digital channels such as search engines, websites, social media, , and mobile apps. While.
BOTNET JUDO : Fighting Spam with Itself
E-Commerce Lecture 6.
Chapter 9 e-Commerce Systems McGraw-Hill/Irwin
Goal, Question, and Metrics
Section 14.1 Section 14.2 Identify the technical needs of a Web server
Use of Electronic and Internet advertising options
COMP 208/214/215/216 – Lecture 7 Documenting Design.
E-COMMERCE Learning Unit 4: ADVERTISING IN E-C0MMERCE
Chapter 16 The World Wide Web.
Internet CyberCrime Economics
Computer Networks Primary, Secondary and Root Servers
4.01 How Web Pages Work.
Presentation transcript:

Click Trajectories: End to End Analysis of the Spam Value Chain By Aishwarya Nayak

Based on the paper: Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Mark Felegyhazi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, Stefan Savage. Click Trajectories: End to End Analysis of the Spam Value Chain (2011). In SP’11 Proceedings of the 2011 IEEE Symposium on Security and Privacy , Pages 431-446.

Introduction Spam based advertising is a business which fuels a profitable enterprise. We lack a solid understanding of this enterprise’s full structure and thus most anti-spam interventions focus on only one facet of the overall spam value chain. This paper presents a holistic analysis that quantifies the full set of resources employed to monetize spam email.

Goals The motivation of this paper is to guide decisions about the most effective mechanisms for addressing the spam problem. This paper develops a methodology for characterizing end to end resource dependencies behind individual spam campaigns and then analyze the relationships among them.

How Modern Spam Works While the user experience of spam is limited to emails, these constitute only one visible part of the whole chain. As an advertising medium, spam ultimately shares the underlying business model of all advertising. This paper divides this large chain into three distinct stages: advertising, click support and realization.

Advertising Advertising constitutes of all activities focused on reaching potential customers and enticing them into clicking on a particular URL. This includes the bulk messages sent by email advertising different products. The three main categories of products studied in this paper are pharmaceuticals,replica luxury goods

Click Support Having delivered their advertisement, a spammer depends on the recipients to respond, usually by clicking on an embedded URL. In order to get the recipients to the website of interest a spammer orchestrates a sequence of services: i)Redirection sites - Many spammers advertise URLs that when visited, redirect to additional URLs

Click Support(contd.) ii)Domains- At some point a click trajectory will usually require domain name resources managed by the spammer or their accomplices. iii)Name servers -Any registered domain must in turn have a supporting name structure infrastructure. iv)Web servers- The address records specified by the spammers must in turn specify servers that host web content.

Click Support(contd.) v)Stores and affiliate programs - The affiliate program typically provides the storefront templates, shopping cart management , analytics support and even advertising materials.

Realization Finally, having brought the customer to an advertised site and convinced them to purchase some product, the seller realizes the latent value by acquiring the customer’s payment through conventional payment networks and in turn fulfilling their product request. At the end, a store arranges to fulfill an order in return for the customer’s payment.

An example of spam value chain

Data Collection/Processing Workflow They have followed the following methodology in order to collect data, process and validate them. - collecting spam advertised URLs - crawler data - content clustering and tagging - purchasing

Collecting spam advertised URLs They collected 1 billion URLs from third party partners and harvested URLs from their own botfarm environment. From these feeds they extract and normalize embedded URls and insert them into a large multi terabyte Postgres database. The resulting feed tables drive virtually all subsequent data gathering.

Crawler data The URL feed data subsequently drives active crawling measurements that collect information about both the DNS infrastructure used to name the site being advertised and the web hosting infrastructure that serves site content to visitors. They use - DNS crawler - Web crawler

Crawler data(contd.) DNS Crawler - it identifies the name server infrastructure used to support spam advertised domains and the address records they specify for hosting those names. Web Crawler - the web crawler replicates the experience of a user clicking on the URLs derived from the spam feeds.

Content Clustering In this stage the crawler output is processed and the information is associated with higher level spam business activities. A clustering tool is used that uses the HTML text of the websites to classify them. It generates a fingerprint for the page being crawled.

Tagging Category Tagging - it broadly separates the clusters into three categories - pharmaceuticals, replica and software. Program Tagging - it identifies the set of distinct clusters that belong to the same affiliate program.

Purchasing Finally, for a subset of the sites with program tags, goods that were offered for sale , were purchased. Purchases were placed via VPN connections to IP addresses located in the geographic vicinity to the mailing address. This is done to avoid failing common fraud checks.

Results The data was analysed explicitly from the standpoint of the defender. The defender may choose to intervene by either by blocking its advertising, disrupting its click support or interfering with the realization step. It was found that the payment infrastructure has far fewer alternatives and a far higher switching cost.

Conclusion This paper describes large scale empirical study to measure the spam value chain in an end to end fashion. It has described a framework for conceptualizing resource requirements for spam monetization. Finally, the data is used prove that payment tier is by far the most concentrated and valuable asset in the spam ecosystem.