Computer security is a field in which defenses are pitted against adversaries. Thus, it is critical to understand the capabilities and motivations of the adversary if one is to plan effective defenses. However, modern Internet-based attacks are largely driven by economic factors that are only understood in the abstract. While we know that it is sufficiently cheap to compromise Internet hosts that large-scale botnets have become a compelling platform for launching attacks, we simply do not understand the scale of the revenue that that such activities bring in. While we understand that billions of spam e-mails are sent per day, the conversion rate of this spam ? the probability that a sent message will result in a ?sale? ? is largely unknown. Absent such information it is difficult to reason about the structural nature of the conflict between attackers and defenders.
Traditionally, obtaining information about the critical economic factors in Internet attacks is difficult because such information is only visible to the attacker themselves. Our research is focused on sidestepping this issue by infiltrating the technical infrastructure ? the botnets themselves ? used by Internet miscreants. Our technique, called ?distribution infiltration? provides a means to directly quantify key aspects of spam and phishing campaigns as well as to measure the impact of defenses on an economic footing (i.e., their impact on the profitability of e-crime). Our research will both refine these methodologies and produce concrete data for developing economic-based threat models of computer security.
