No plan survives contact: Experience with cybercrime measurement

Chris Kanich, Neha Chachra, Damon McCoy, Chris Grier, David Y. Wang, Marti Motoyama, Kirill Levchenko, Stefan Savage, Geoffrey M. Voelker

Research output: Contribution to conferencePaperpeer-review


An important mode of empirical security research involves analyzing the behavior, capabilities, and motives of adversaries. By definition, such measurements cannot be conducted in controlled settings and require “engagement” directly with adversaries, their infrastructure or their ecosystem. However, the operational complexities required to successfully carry out such measurements are significant and rarely documented; blacklisting, payment instruments, fraud controls and contact management all represent real challenges in such studies. In this paper, we document our experiences conducting such measurements over five years (covering a range of distinct studies) and distill effective operational practices for others who might conduct similar experiments in the future.

Original languageEnglish (US)
StatePublished - 2011
Externally publishedYes
Event4th Workshop on Cyber Security Experimentation and Test, CSET 2011 - San Francisco, United States
Duration: Aug 8 2011 → …


Conference4th Workshop on Cyber Security Experimentation and Test, CSET 2011
Country/TerritoryUnited States
CitySan Francisco
Period8/8/11 → …

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'No plan survives contact: Experience with cybercrime measurement'. Together they form a unique fingerprint.

Cite this