dissecting one click frauds authors: nicolas christin, sally s. yanagihara, keisuke kamataki...
TRANSCRIPT
Dissecting One Click FraudsAuthors: Nicolas Christin, Sally S. Yanagihara, Keisuke KamatakiProceedings of the ACM CCS 2010Reporter: Jing ChiuAdvisor: Yuh-Jye LeeEmail: [email protected]
112/04/19 1Data Mining & Machine Learning Lab
Outlines• Introduction
▫ One Click Fraud• Data Collection
▫ Channel BBS▫ Koguma-neko Teikoku▫ Wan-Cli Zukan
• Data Analysis▫ Infrastructural loopholes▫ Grouping miscreants▫ Evidence of other illicit activities
• Economic Incentives▫ Cost-benefit analysis▫ Fraud profitability▫ Legal aspects▫ Field measurements
• Conclusions112/04/19 2Data Mining & Machine Learning Lab
•2 Channel BBS▫The largest bulletin board in Japan▫March 6, 2006 ~ October 26, 2009
•Koguma-neko Teikoku▫Privately owned website▫August 24, 2006 ~ August 14, 2009
•Wan-Cli Zukan▫Privately owned website▫September 6,2006 ~ October 26, 2009
Data Collection
112/04/19 Data Mining & Machine Learning Lab 4
•Data parsing•Extracted attributes•Store to MySQL database
Data Collection (cont.)
112/04/19 Data Mining & Machine Learning Lab 5
• Infrastructural loopholes▫Phone numbers▫Bank▫DNS registrars▫DNS resellers
• Grouping miscreants▫Use undirected graph to represent the dataset▫Fraud distribution
• Evidence of other illicit activities▫Eight blacklisting services and Google Safe
Browsing
Data Analysis
112/04/19 Data Mining & Machine Learning Lab 7
•Cost-benefit analysis•Fraud profitability•Legal aspects•Field measurements
Economic Incentives
112/04/19 Data Mining & Machine Learning Lab 8
•Collect and analyze a corpus of over 2,000 reported One Click Fraud incidents
•Describe a number of potential vulnerabilities which be used for scam
•Shows an important reason for why scam flourish
Conclusions
112/04/19 Data Mining & Machine Learning Lab 9
•Top 10 popular registrars vs. Top 11 in One Click Frauds
DNS Registrars
112/04/19 Data Mining & Machine Learning Lab 11