Show me the money: Characterizing spam-advertised revenue

Chris Kanich, Nicholas Weaver, Damon McCoy, Tristan Halvorson, Christian Kreibich, Kirill Levchenko, Vern Paxson, Geoffrey M. Voelker, Stefan Savage

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Modern spam is ultimately driven by product sales: Goods purchased by customers online. However, while this model is easy to state in the abstract, our understanding of the concrete business environment-how many orders, of what kind, from which customers, for how much-is poor at best. This situation is unsurprising since such sellers typically operate under questionable legal footing, with "ground truth" data rarely available to the public. However, absent quantifiable empirical data, "guesstimates" operate unchecked and can distort both policy making and our choice of appropriate interventions. In this paper, we describe two inference techniques for peering inside the business operations of spam-advertised enterprises: Purchase pair and basket inference. Using these, we provide informed estimates on order volumes, product sales distribution, customer makeup and total revenues for a range of spamadvertised programs.

Original languageEnglish (US)
Title of host publicationProceedings of the 20th USENIX Security Symposium
PublisherUSENIX Association
Pages219-233
Number of pages15
ISBN (Electronic)9781931971874
StatePublished - 2011
Externally publishedYes
Event20th USENIX Security Symposium - San Francisco, United States
Duration: Aug 8 2011Aug 12 2011

Publication series

NameProceedings of the 20th USENIX Security Symposium

Conference

Conference20th USENIX Security Symposium
CountryUnited States
CitySan Francisco
Period8/8/118/12/11

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Show me the money: Characterizing spam-advertised revenue'. Together they form a unique fingerprint.

Cite this