measuring the impact of sharing abuse data with web
play

Measuring the Impact of Sharing Abuse Data with Web Hosting - PowerPoint PPT Presentation

Mar 20, 2023 •108 likes •397 views

Measuring the Impact of Sharing Abuse Data with Web Hosting Providers Marie Vasek , Matthew Weeden, and Tyler Moore University of Tulsa WISCS 24 October 2016 1 of 27 StopBadware Founded in 2006 by Harvards Berkman Klein Center for

  1. Measuring the Impact of Sharing Abuse Data with Web Hosting Providers Marie Vasek , Matthew Weeden, and Tyler Moore University of Tulsa WISCS 24 October 2016 1 of 27

  3. StopBadware • Founded in 2006 by Harvard’s Berkman Klein Center for Internet and Society • Now housed at the University of Tulsa • Provides independent reviews of websites appearing on 3 malware blacklists 3 of 27

  4. Review Requests for Individual URLs 4 of 27

  5. Review Requests for Bulk URLs 5 of 27

  6. Research Questions Does sending bulk reports help? • Short term: ◦ Do reported URLs get cleaned up? ◦ Which URLs are more likely to get cleaned up? • Long term: ◦ Do ASes get better at cleaning URLs after receiving bulk reports? 6 of 27

  7. Overview • Brief overview of study • Define metrics • Direct impact of sharing abuse data • Indirect impact of sharing abuse data • Conclusions 7 of 27

  8. Bulk Requests over Time 5000 # URLs shared 500 50 5 1 2010 2011 2012 2013 2014 2015 Date shared 8 of 27

  9. Summary Statistics • Google Safebrowsing Data used exclusively • 6 year time frame (2010 - 2015) • 69 stakeholders requested reports • 41 web hosting providers in our study ◦ Responsible for entire AS ◦ Sent Google Safebrowsing Data ◦ Had at least a month of data before/after • 28 548 URLs reported 9 of 27

  10. Malware Cleanup Metrics • Clean ◦ Off the blacklist ◦ Stays off for 3 weeks • Recompromise ◦ A previously blacklisted URL is clean and then is reblacklisted 10 of 27

  11. Measuring Direct and Indirect Impact of Reporting • Direct Impact ◦ Are the URLs we shared cleaned up? • Indirect Impact ◦ Are networks “better” after receiving a bulk review from StopBadware? • Do they clean malware URLs faster? • Do they clean malware URLs more effectively? 11 of 27

  12. Measurement Timeline blacklist to clean blacklist to report report to clean blacklisted reported clean 12 of 27

  13. Cleanup of URLs Shared with ASes URLS shared with ASes 1.0 Pr(report to clean days >= X) 0.8 0.6 0.4 0.2 0.0 1 5 50 500 Report to Clean (days) 13 of 27

  14. Measurement Timeline blacklist to clean blacklist to report report to clean blacklisted reported clean 14 of 27

  15. Long Lived Malware Takes Longer to Clean Median Report to Clean (Days) [Bar] Blacklist to Report (Days) [Line] 1000 500 ● 800 400 ● 300 600 ● 400 200 ● 100 200 ● ● ● ● ● 0 0 ● 0− 10− 20− 30− 40− 50− 60− 70− 80− 90− 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Decile for Blacklist to Report (Days) 15 of 27

  16. Pre- vs. Post-Contact Cleanup Survival probability before and after contact 1.0 pre−contact Pr(blacklist to clean days >=X) post−contact 0.8 0.6 0.4 0.2 0.0 1 2 5 10 50 200 Blacklist to Clean (days) 16 of 27

  17. Pre- vs. Post-Contact Cleanup: Improved AS 17 of 27

  18. Pre- vs. Post-Contact Cleanup: Worsened AS 18 of 27

  19. Pre- vs. Post-Contact Cleanup: Unclear effect AS 19 of 27

  20. Change in Metrics Pre- and Post- Sharing # ∆ days to clean ∆ recomp. rate Improved 13 58 0.010 Worsened 3 -176 0.085 Unclear 17 13 0.008 20 of 27

  21. Comparing Change in Metrics by AS Median recompromise rate pre−sharing − post−sharing 0.15 ● 0.10 ● 0.05 ● 0.00 ● −0.05 ● ● Top Quartile Report to Clean 2nd Quartile Report to Clean −0.10 3rd Quartile Report to Clean Bottom Quartile Report to Clean ● −300 −200 −100 0 100 Median blacklist to clean pre−sharing − post−sharing 21 of 27

  22. Matched Pair Analysis • What would happen if StopBadware had not sent out reviews? • Matched pairs between reported-to ASes and similar ASes • Similar? ◦ Same country ◦ Similar level of badness • Key Assumption: All else equal, ASes would exhibit similar patterns 22 of 27

  23. Measurement Timeline blacklist to clean blacklist to report report to clean blacklisted reported clean 23 of 27

  24. Matched Pair: Cleanup of URLs Shared with ASes URLS shared with ASes 1.0 reported ASes matched pairs Pr(report to clean days >= X) 0.8 0.6 0.4 0.2 0.0 1 5 50 500 Report to Clean (days) 24 of 27

  25. Matched Pair: Pre- vs. Post-Contact Cleanup Survival probability before and after contact 1.0 pre−contact Pr(blacklist to clean days >=X) post−contact pre−contact (mp) 0.8 post−contact (mp) 0.6 0.4 0.2 0.0 1 2 5 10 50 200 Blacklist to Clean (days) 25 of 27

  26. Responsive ASes Improve Long Term after Report Median recompromise rate pre−sharing − post−sharing 0.15 ● 0.10 ● 0.05 ● 0.00 ● −0.05 ● ● Top Quartile Report to Clean 2nd Quartile Report to Clean −0.10 3rd Quartile Report to Clean Bottom Quartile Report to Clean ● −300 −200 −100 0 100 Median blacklist to clean pre−sharing − post−sharing 26 of 27

  27. Conclusions • Directly sharing URLs helps clean up those URLs ◦ Consistent with prior work on individual reports ◦ This work finds it to be true for bulk reporting • No evidence for long term change overall ◦ Improvements on individual providers • Long lived malware a scourge ◦ Lots of efforts concentrating on newly infected websites ◦ Lurking infections continue to harm, perhaps compounding ◦ Current efforts not sufficient for stopping this “immortal” malware 27 of 27

Recommend

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data Science ZHAW School of Engineering, Winterthur 21 March 2014 Andr Golliez Managing Partner itopia ag President Opendata.ch, Swiss Chapter of the

656 views • 30 slides
Measuring the economic impact of Covid-19 in the UK with business website data Juan

Measuring the economic impact of Covid-19 in the UK with business website data Juan

Measuring the economic impact of Covid-19 in the UK with business website data Juan Mateos-Garcia Starting at 11.30AM ESCoE COVID-19 ECONOMIC MEASUREMENT WEBINARS Measuring the Economic Impact of Covid-19 with business website data Alex

408 views • 40 slides
The Role of Case Studies in Effective Data Sharing, Reuse and Impact Rebecca Parsons and Scott

The Role of Case Studies in Effective Data Sharing, Reuse and Impact Rebecca Parsons and Scott

The Role of Case Studies in Effective Data Sharing, Reuse and Impact Rebecca Parsons and Scott Summers UK Data Service, UK Data Archive IASSIST 2016 Embracing the Data Revolution: Opportunities and Challenges for Research 2 nd June

572 views • 15 slides
Workshop 1. . Measuring impact on end learners Purpose of f this workshop To explore

Workshop 1. . Measuring impact on end learners Purpose of f this workshop To explore

Workshop 1. . Measuring impact on end learners Purpose of f this workshop To explore different ways of measuring impact on end learners To share tools and whats worked To be honest about some of the challenges Measuring Im

214 views • 5 slides
EMA Workshop : measuring the impact of pharmacovigilance activities ASTRO-LAB & SNIIRAM:

EMA Workshop : measuring the impact of pharmacovigilance activities ASTRO-LAB & SNIIRAM:

EMA Workshop : measuring the impact of pharmacovigilance activities ASTRO-LAB & SNIIRAM: CONSISTENT FIELD & CLAIMS STUDIES The risks of asthma therapy as assessed from real-life data : a complex story Eric VAN GANSE, December

1.35k views • 8 slides
Measuring What Matters Quality, Impact and Measuring Social Value Philip Angier, Angier Griffin

Measuring What Matters Quality, Impact and Measuring Social Value Philip Angier, Angier Griffin

Measuring What Matters Quality, Impact and Measuring Social Value Philip Angier, Angier Griffin Measuring what matters Introductions: Name Organisation Where youre from first part of postcode Size approx annual

583 views • 27 slides
Impact assessment of the EIB support to SMEs Workshop on measuring impact and additionality 30

Impact assessment of the EIB support to SMEs Workshop on measuring impact and additionality 30

Impact assessment of the EIB support to SMEs Workshop on measuring impact and additionality 30 June 2020 (online) Alessandro Barbera, ron Gereben, Marcin Wolski European Investment Bank Group 1 Context I Balance-sheet perspective of a C19

385 views • 19 slides
EMA Workshop on measuring the impact of pharmacovigilance activities December 5-6, 2016 Session

EMA Workshop on measuring the impact of pharmacovigilance activities December 5-6, 2016 Session

EMA Workshop on measuring the impact of pharmacovigilance activities December 5-6, 2016 Session 2 Health Canadas Approach to Measuring Impact of Pharmacovigilance and Regulatory Decisions Dr. John Patrick Stewart, MD, CCFP(EM) Marketed

175 views • 15 slides
Workshop: measuring the impact of pharmacovigilance activities 5-6 December 2016 European

Workshop: measuring the impact of pharmacovigilance activities 5-6 December 2016 European

Workshop: measuring the impact of pharmacovigilance activities 5-6 December 2016 European Medicines Agency, London, United Kingdom Challenges of measuring the impact of pharmacovigilance processes Judith Sanabria, M.D. Clinical

221 views • 10 slides
What can researchers contribute to measuring impact? Agnes Kant, Epidemiologist Director Lareb

What can researchers contribute to measuring impact? Agnes Kant, Epidemiologist Director Lareb

What can researchers contribute to measuring impact? Agnes Kant, Epidemiologist Director Lareb Special Interest Group Measuring impact of pharmacovigilance activities Objective SIG Develop methods for modeling health outcomes of

639 views • 15 slides
IR IRIS IS+ | The generally accepted system for measuring, managing and optimizing impact Key

IR IRIS IS+ | The generally accepted system for measuring, managing and optimizing impact Key

IR IRIS IS+ | The generally accepted system for measuring, managing and optimizing impact Key features of IRIS+ include: Core Metrics Sets to increase data clarity and comparability Streamlined evidence base, research, practical how-to

177 views • 4 slides
ResearchersNight MEASURING IMPACT: WHICH INDICATORS AND INSTRUMENTS TO USE Establishing

ResearchersNight MEASURING IMPACT: WHICH INDICATORS AND INSTRUMENTS TO USE Establishing

Esmay Walker: Research and Impact Officer, University of Huddersfield European ResearchersNight MEASURING IMPACT: WHICH INDICATORS AND INSTRUMENTS TO USE Establishing Impact Indicators Why? Demonstrate real-world value of research

269 views • 10 slides
1. The potential of data sharing 2. An ideal professed but not practiced * 1. Researchers 2.

1. The potential of data sharing 2. An ideal professed but not practiced * 1. Researchers 2.

Perspectives on Academic Data Sharing Benedikt Fecher, German Institute for Economic Research Berlin, 19th April 2016 8,65 Data Sharing in Academia Agenda 1. The potential of data sharing 2. An ideal professed but not practiced * 1. Researchers

329 views • 22 slides
Measuring Happiness the Big Data Way Measuring emotional content Clinical and Translational

Measuring Happiness the Big Data Way Measuring emotional content Clinical and Translational

Happiness Some motivation Measuring Happiness the Big Data Way Measuring emotional content Clinical and Translational Research Seminar, UVM Data sets Analysis Songs Peter Dodds, Chris Danforth, Blogs SOTU Isabel Kloumann, Cathy Bliss,

886 views • 62 slides
EOTSS: Data Sharing and Services July 18 , 2019 Agenda Data Sharing Framework Overview

EOTSS: Data Sharing and Services July 18 , 2019 Agenda Data Sharing Framework Overview

EOTSS: Data Sharing and Services July 18 , 2019 Agenda Data Sharing Framework Overview of EOTSS's Data Services Key Products: Data Prep / Secure Storage Data Analytics Data Visualization Data Sharing Data

575 views • 20 slides
Measuring the Impact of Microcredit with Counterfactual Impact Evaluations Beatrice dHombres,

Measuring the Impact of Microcredit with Counterfactual Impact Evaluations Beatrice dHombres,

The European Commissions science and knowledge service Joint Research Centre Measuring the Impact of Microcredit with Counterfactual Impact Evaluations Beatrice dHombres, Timothee Demont Leandro Elia, Corinna Ghirelli Joint Research

737 views • 51 slides
Data to Evaluate the Social Impact and to Understand the Social Entrepreneurship Phenomenon

Data to Evaluate the Social Impact and to Understand the Social Entrepreneurship Phenomenon

Data to Evaluate the Social Impact and to Understand the Social Entrepreneurship Phenomenon Steve Coles Managing Director, Intentionality CIC 19 th February 2015 Introduction and Contents How do social enterprises go about measuring impact?

340 views • 16 slides
Measuring for Success: Using Data to Reach Your Target Communities and Improve Enrollment

Measuring for Success: Using Data to Reach Your Target Communities and Improve Enrollment

Measuring for Success: Using Data to Reach Your Target Communities and Improve Enrollment Strategies August 6, 2015 2:00 PM Agenda Overview and Introductions From Statewide Tracking to On-the- Ground Impact: Metrics and Evaluation with

1.19k views • 71 slides
Measuring Happiness the Big Data Way Measuring emotional content DPG Spring Meeting, Dresden

Measuring Happiness the Big Data Way Measuring emotional content DPG Spring Meeting, Dresden

Happiness Some motivation Measuring Happiness the Big Data Way Measuring emotional content DPG Spring Meeting, Dresden 2011 Data sets Analysis Songs Peter Dodds, Chris Danforth, Blogs Tweets Isabel Kloumann, Cathy Bliss, and Kameron

791 views • 55 slides
Measuring socio-economic impact A guide for business Overview presentation April 2013 Context

Measuring socio-economic impact A guide for business Overview presentation April 2013 Context

Measuring socio-economic impact A guide for business Overview presentation April 2013 Context Companies: increasingly interested in measuring socio- economic impact as part of: - Maintaining their license to operate - Improving the enabling

763 views • 10 slides
Issued for Abuse Measuring the Underground Trade in Code Signing Certificates Kristin Kozk

Issued for Abuse Measuring the Underground Trade in Code Signing Certificates Kristin Kozk

Issued for Abuse Measuring the Underground Trade in Code Signing Certificates Kristin Kozk , Bum Jun Kwon , Doowon Kim , Tudor Dumitra Masaryk University, Brno University of Maryland Presented at Code Signing:

583 views • 24 slides
ICANN61 Tech Day IDN Abuse M e r i k e K a e o ( p r e s e n t i n g ) R e s e a r c h b

ICANN61 Tech Day IDN Abuse M e r i k e K a e o ( p r e s e n t i n g ) R e s e a r c h b

ICANN61 Tech Day IDN Abuse M e r i k e K a e o ( p r e s e n t i n g ) R e s e a r c h b y : M i k e S c h i f f m a n , S t e p h e n W a t t FARSIGHT SECURITY Mo#va#on Lots of Data To Play With Shed Light on Domain Abuse

336 views • 16 slides
JLCIMT/State CIO Geospatial Data Sharing Workgroup Geospatial Framework Data Sharing Among Public

JLCIMT/State CIO Geospatial Data Sharing Workgroup Geospatial Framework Data Sharing Among Public

JLCIMT/State CIO Geospatial Data Sharing Workgroup Geospatial Framework Data Sharing Among Public Bodies HB 2906 February 2017 Geospatial Framework Data Layers GEO STORY MAP WEB LINK Geospatial Data any dataset with a locational element,

400 views • 12 slides
Economic abuse What Research Tells Us Dr Nicola Sharp-Jeffs Overview What is economic

Economic abuse What Research Tells Us Dr Nicola Sharp-Jeffs Overview What is economic

Economic abuse What Research Tells Us Dr Nicola Sharp-Jeffs Overview What is economic abuse? How is it different to financial abuse ? Economic abuse and coercive control Economic abuse post-separation Prevalence data for UK and

326 views • 31 slides

More recommend