TWC: SBES: Small: Modeling the Economics of Search-Engine Manipulation

TWC：SBES：小型：搜索引擎操纵的经济学建模

• 批准号: 1223762
• 负责人: Nicolas Christin
• 金额: $ 49.86万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1223762&HistoricalAwards=false
• 关键词: TWC; SBES; Small; Modeling; Economics

Many recent security attacks are financially motivated. Understanding how attackers monetize their activities is critical to combine technological, legal, and economic intervention to render certain classes of attacks unprofitable, and disincentivize miscreants from considering them.Manipulation of social network and web search-engine results to promote illicit businesses is increasingly common. Rather than the product of isolated attackers, search-engine manipulation relies on collaboration between many distinct actors, ranging from individuals installing malware on end-systems, to miscreants funneling traffic in exchange for commissions on sales.This project aims to quantitatively model the economic interactions between the actors behind search-engine manipulation, and to infer which intervention policies could raise the cost of carrying out these attacks. We develop novel measurement methodologies to collect large amounts of field data, cross-reference our measurements with data from industry partners, and gather forensic evidence on compromised hosts that are unknowingly participating in attacks. This leads us to quantify various operational parameters (e.g., common malware families, common infrastructure components...), and use them to build economic models of search-engine manipulation attacks. Project outcomes include (1) identifying salient features that denote relationships between different entities participating in search-engine manipulation campaigns, (2) describing possible relationships between different types of illicit online trades, and (3) discovering points of failure in the attackers' infrastructure, that the defenders can try to exploit. More generally, this study will further refine our understanding of online crime economics, which will not only be useful to security researchers, but also to economists and criminologists.

最近的许多安全攻击都是出于经济动机。了解攻击者如何将其活动货币化，对于联合收割机结合技术、法律的和经济干预，使某些类别的攻击无利可图，并使不法分子失去考虑这些攻击的动机至关重要。操纵社交网络和网络搜索引擎结果以促进非法业务的现象越来越普遍。搜索引擎操纵不是孤立的攻击者的产物，而是依赖于许多不同参与者之间的协作，从在终端系统上安装恶意软件的个人，到不法分子利用流量换取销售佣金。本项目旨在定量建模搜索引擎操纵背后的参与者之间的经济互动，并推断哪些干预政策可能会提高实施这些攻击的成本。 我们开发新型测量方法来收集大量现场数据，将我们的测量结果与行业合作伙伴的数据进行交叉参考，并收集有关在不知不觉中参与攻击的受感染主机的取证证据。这导致我们量化各种操作参数（例如，常见的恶意软件家族、常见的基础设施组件......），并利用它们来建立搜索引擎操纵攻击的经济模型。 项目成果包括：（1）识别参与搜索引擎操纵活动的不同实体之间关系的显著特征，（2）描述不同类型的非法在线交易之间的可能关系，以及（3）发现攻击者基础设施中的故障点，防御者可以尝试利用。更一般地说，这项研究将进一步完善我们对网络犯罪经济学的理解，这不仅对安全研究人员有用，对经济学家和犯罪学家也有用。