Show me the money: Characterizing spam-advertised revenue

Chris Kanich; Nicholas Weaver; Damon McCoy; Tristan Halvorson; Christian Kreibich; Kirill Levchenko; Vern Paxson; Geoffrey M. Voelker; Stefan Savage

Show me the money: Characterizing spam-advertised revenue

Chris Kanich, Nicholas Weaver, Damon McCoy, Tristan Halvorson, Christian Kreibich, Kirill Levchenko, Vern Paxson, Geoffrey M. Voelker, Stefan Savage

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Modern spam is ultimately driven by product sales: Goods purchased by customers online. However, while this model is easy to state in the abstract, our understanding of the concrete business environment-how many orders, of what kind, from which customers, for how much-is poor at best. This situation is unsurprising since such sellers typically operate under questionable legal footing, with "ground truth" data rarely available to the public. However, absent quantifiable empirical data, "guesstimates" operate unchecked and can distort both policy making and our choice of appropriate interventions. In this paper, we describe two inference techniques for peering inside the business operations of spam-advertised enterprises: Purchase pair and basket inference. Using these, we provide informed estimates on order volumes, product sales distribution, customer makeup and total revenues for a range of spamadvertised programs.

Original language	English (US)
Title of host publication	Proceedings of the 20th USENIX Security Symposium
Publisher	USENIX Association
Pages	219-233
Number of pages	15
ISBN (Electronic)	9781931971874
State	Published - 2011
Externally published	Yes
Event	20th USENIX Security Symposium - San Francisco, United States Duration: Aug 8 2011 → Aug 12 2011

Publication series

Name	Proceedings of the 20th USENIX Security Symposium

Conference

Conference	20th USENIX Security Symposium
Country/Territory	United States
City	San Francisco
Period	8/8/11 → 8/12/11

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

Library availability

Discover UIUC Full Text

Cite this

Kanich, C, Weaver, N, McCoy, D, Halvorson, T, Kreibich, C, Levchenko, K, Paxson, V, Voelker, GM & Savage, S 2011, Show me the money: Characterizing spam-advertised revenue. in Proceedings of the 20th USENIX Security Symposium. Proceedings of the 20th USENIX Security Symposium, USENIX Association, pp. 219-233, 20th USENIX Security Symposium, San Francisco, United States, 8/8/11.

@inproceedings{03707033ffc84ce4a48674c54cdb9afb,

title = "Show me the money: Characterizing spam-advertised revenue",

abstract = "Modern spam is ultimately driven by product sales: Goods purchased by customers online. However, while this model is easy to state in the abstract, our understanding of the concrete business environment-how many orders, of what kind, from which customers, for how much-is poor at best. This situation is unsurprising since such sellers typically operate under questionable legal footing, with {"}ground truth{"} data rarely available to the public. However, absent quantifiable empirical data, {"}guesstimates{"} operate unchecked and can distort both policy making and our choice of appropriate interventions. In this paper, we describe two inference techniques for peering inside the business operations of spam-advertised enterprises: Purchase pair and basket inference. Using these, we provide informed estimates on order volumes, product sales distribution, customer makeup and total revenues for a range of spamadvertised programs.",

author = "Chris Kanich and Nicholas Weaver and Damon McCoy and Tristan Halvorson and Christian Kreibich and Kirill Levchenko and Vern Paxson and Voelker, {Geoffrey M.} and Stefan Savage",

note = "Publisher Copyright: {\textcopyright} 2011 by The USENIX Association.; 20th USENIX Security Symposium ; Conference date: 08-08-2011 Through 12-08-2011",

year = "2011",

language = "English (US)",

series = "Proceedings of the 20th USENIX Security Symposium",

publisher = "USENIX Association",

pages = "219--233",

booktitle = "Proceedings of the 20th USENIX Security Symposium",

}

TY - GEN

T1 - Show me the money

T2 - 20th USENIX Security Symposium

AU - Kanich, Chris

AU - Weaver, Nicholas

AU - McCoy, Damon

AU - Halvorson, Tristan

AU - Kreibich, Christian

AU - Levchenko, Kirill

AU - Paxson, Vern

AU - Voelker, Geoffrey M.

AU - Savage, Stefan

PY - 2011

Y1 - 2011

N2 - Modern spam is ultimately driven by product sales: Goods purchased by customers online. However, while this model is easy to state in the abstract, our understanding of the concrete business environment-how many orders, of what kind, from which customers, for how much-is poor at best. This situation is unsurprising since such sellers typically operate under questionable legal footing, with "ground truth" data rarely available to the public. However, absent quantifiable empirical data, "guesstimates" operate unchecked and can distort both policy making and our choice of appropriate interventions. In this paper, we describe two inference techniques for peering inside the business operations of spam-advertised enterprises: Purchase pair and basket inference. Using these, we provide informed estimates on order volumes, product sales distribution, customer makeup and total revenues for a range of spamadvertised programs.

AB - Modern spam is ultimately driven by product sales: Goods purchased by customers online. However, while this model is easy to state in the abstract, our understanding of the concrete business environment-how many orders, of what kind, from which customers, for how much-is poor at best. This situation is unsurprising since such sellers typically operate under questionable legal footing, with "ground truth" data rarely available to the public. However, absent quantifiable empirical data, "guesstimates" operate unchecked and can distort both policy making and our choice of appropriate interventions. In this paper, we describe two inference techniques for peering inside the business operations of spam-advertised enterprises: Purchase pair and basket inference. Using these, we provide informed estimates on order volumes, product sales distribution, customer makeup and total revenues for a range of spamadvertised programs.

UR - http://www.scopus.com/inward/record.url?scp=85076490024&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85076490024&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85076490024

T3 - Proceedings of the 20th USENIX Security Symposium

SP - 219

EP - 233

BT - Proceedings of the 20th USENIX Security Symposium

PB - USENIX Association

Y2 - 8 August 2011 through 12 August 2011

ER -

Show me the money: Characterizing spam-advertised revenue

Abstract

Publication series

Conference

ASJC Scopus subject areas

Library availability

Related links

Fingerprint

Cite this