1 / 12

eCrime Research

This talk by Richard Clayton in Luxembourg delves into types of criminality, research challenges, infrastructure, and recommendations for combating malware, botnets, phishing, spam, hacking, DDoS attacks, and other cyber threats. Learn about behavioral analysis, detection methods, and more.

thubbard
Download Presentation

eCrime Research

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. eCrime Research Richard Clayton Luxembourg11th May 2010

  2. Today’s talk • Who am I? • What I’ve been doing in Luxembourg • Types of criminality • Research challenges • Infrastructure • Recommendations

  3. Malware • “Malicious software” (worm/virus/trojan/drive-by-download) CHALLENGES • Behavioural analysis (how do we know it’s bad) • All samples now unique, so hard to measure any trends • Detection (Google’s scanning already a special case) • New browser designs for security • Hosting providers need detection systems • Can we detect bad sites on the wire ?

  4. Botnets • Swiss-army knife: DDoS, spam, click fraud, fastflux hosting CHALLENGES • Identification/interdiction of rendezvous schemes • Identification of activity (and C&C) • Better counting • Disruption/take-over: but complex ethical issues • Well trodden area – but new systems all the time

  5. Phishing • Theft of credentials by impersonation CHALLENGES • Measurements of lifetimes, blacklist effectiveness &c • Improvements to user interfaces/training • Improvements to authentication (PassPet, PAKE) • Measuring/detecting man-in-the-browser • Measuring/detecting key logging

  6. Spam • Non-permission based mass messaging CHALLENGES • Email spam detection • Image spam • Reliable measurements • Contact forms on websites • Blog spam • Fake blogs (Google groups etc) • Human detection (CAPTCHAs &c)

  7. “Hacking” • Unauthorised access to computing resources CHALLENGES • How can we secure one machine? • How can we secure millions of machines • How can hosting providers secure thousands of machines • How do criminals find vulnerable machines? • How can we provide realistic measurements of activity?

  8. DDoS • Distributed (usually) Denial of Service CHALLENGES • Detection of DDoS (at endpoint, on networks, at IXPs) • Traceback of attacks • Analysis of targets/motivation/capabilities

  9. Others • Click Fraud - data hard to obtain • HYIP - lots of data, trivial problem • Fake escrow - limited data, victims secretive • 419 scams - extensive data on early stages of scams • Lottery scams - hardly studied • Fake banks - associated with 419 scams • Counterfeit goods - hardly studied

  10. Infrastructure • Spam mine • Network telescope (darknet) • Passive DNS • Malware collector • Blog spam collector • Honeypot machines • Underground economy monitoring • Fuzzers

  11. Recommendations • Easy to get on the map • Malware, Botnets • Well-trodden areas, needing new approaches • Spam, Phishing, Hacking • Pattern recognition payoffs • DDoS, Malware/Botnet traffic analysis • Virgin territory • Blog spam • MSc projects • HYIP • Fake Escrow, etc etc

  12. eCrime Research BLOG: http://www.lightbluetouchpaper.org/ PAPERS: http://www.cl.cam.ac.uk/~rnc1/publications.html

More Related