At this year's IEEE Symposium on Security and Privacy we presented two papers.
The first presents an extensive measurement study our team of 15 researchers, postdocs and graduate students at UCSD and ICSI has worked on for two years. It expands the analysis of the spam value chain into the financial domain, illuminates the affiliate program landscape for pharmaceuticals, replica goods, and software, and identifies three banks that together receive the credit card transactions of 95% of the spam we observe.
- K. Levchenko, A. Pitsillidis, N. Chachra, B. Enright, M. Felegyhazi, C. Grier, T. Halvorson, C. Kanich, C. Kreibich, H. Liu, D. McCoy, N. Weaver, V. Paxson, G. M. Voelker, and S. Savage. Click Trajectories: End-to-End Analysis of the Spam Value Chain. IEEE Symposium on Security and Privacy, 2011, Oakland, USA.
The second paper presents Monarch, a real-time system that crawls URLs as they are submitted to web services and determines whether the URLs direct to spam. The paper evaluates the fundamental challenges that arise due to the diversity of web service spam. Monarch could protect a service such as Twitter—which needs to process 15 million URLs/day—for a bit under $800/day.
- K. Thomas, C. Grier, J. Ma, V. Paxson and D. Song. Monarch: Providing Real-Time URL Spam Filtering as a Service. IEEE Symposium on Security and Privacy, 2011, Oakland, USA.