Underground forums, where participants exchange information on abusive tactics and engage in the sale of illegal goods and services, are a form of online social network (OSN). However, unlike traditional OSNs such as Facebook, in underground forums the pattern of communications does not simply encode pre-existing social relationships, but instead captures the dynamic trust relationships forged between mutually distrustful parties. In this paper, we empirically characterize six different underground forums - BlackHatWorld, Carders, HackSector, HackE1ite, Freehack, and L33tCrew - examining the properties of the social networks formed within, the content of the goods and services being exchanged, and lastly, how individuals gain and lose trust in this setting.
Network managers are inevitably called upon to associate network traffic with particular applications. Indeed, this operation is critical for a wide range of management functions ranging from debugging and security to analytics and policy support. Traditionally, managers have relied on application adherence to a well-established global port mapping: Web traffic on port 80, mail traffic on port 25 and so on. However, a range of factors - including firewall port blocking, tunneling, dynamic port allocation, and a bloom of new distributed applications - has weakened the value of this approach. We analyze three alternative mechanisms using statistical and structural content models for automatically identifying traffic that uses the same application-layer protocol, relying solely on flow content. In this manner, known applications may be identified regardless of port number, while traffic from one unknown application will be identified as distinct from another. We evaluate each mechanism's classification performance using real-world traffic traces from multiple sites.
Ransomware is a type of malware that encrypts the files of infected hosts and demands payment, often in a cryptocurrency such as Bitcoin. In this paper, we create a measurement framework that we use to perform a large-scale, two-year, end-to-end measurement of ransomware payments, victims, and operators. By combining an array of data sources, including ransomware binaries, seed ransom payments, victim telemetry from infections, and a large database of Bitcoin addresses annotated with their owners, we sketch the outlines of this burgeoning ecosystem and associated third-party infrastructure. In particular, we trace the financial transactions, from the moment victims acquire bitcoins, to when ransomware operators cash them out. We find that many ransomware operators cashed out using BTC-e, a now-defunct Bitcoin exchange. In total we are able to track over $16 million in likely ransom payments made by 19,750 potential victims during a two-year period. While our study focuses on ransomware, our methods are potentially applicable to other cybercriminal operations that have similarly adopted Bitcoin as their payment channel.
Interesting paper (both in its "tutorial" aspects and analysis), with nice methods and results to assign addresses to real entities. The underlying problem and the network analyzed in this paper are very interesting. The story and evolution of the heuristics was captivating, and the results can help better understand the Bitcoin network and its operations. It answers an important question (what quality of anonymity does Bitcoin provide?). It presents an interesting new result (that Bitcoin transaction flows can be to a large extent "deanonymized"). It observes and analyzes what the authors call 'peeling chains', and proposes interesting approaches towards tracking thefts and suspicious huge monetary transactions. Paper performs a good job of collecting data, and their two heuristics seem reasonable (at least presently).