Thoughts on WEIS 2010

Posted by Oliver Day Wed, 09 Jun 2010 14:58:42 GMT

Earlier this week I sat in on the Workshop on the Economics of Information Security. One of the more lively research papers presented was on insecurities in the online pornography industry. The paper 0 has also been written about by Threatpost 1. As noted by Naraine’s article, the team crawled just over 35,000 websites using an automated system. Interestingly, the team discovered that about 3.23% of those sites were also infected with drive-by downloads. One aspect of the research I was curious about was the degree to which those infected porn sites were popular. I spoke with Dr Wondracek after his talk about the possibility of figuring this out. In my own thesis last semester I discovered that, of the sampled sites we receive from our data partners, less than 3% of those were listed as popular by Alexa.


To determine this, one simply downloads Alexa’s “Top 1,000,000 Websites” list 2 and formats the list appropriately for comparison (Alexa’s list uses canonical hostnames). Then take the intersection of the two lists (the hostnames that appear on both list A and list B) and use that to create a percentage. This statistic should answer Pr(Popularity|Infection), the probability of popularity given an infection.
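The comparison described above can be sketched as follows. This is an added example, not code from the original post: the sample data is constructed, and the normalization rules (lowercasing, dropping the port, a leading `www.` and a trailing dot) and the `top_n` cutoff are assumptions about what "formatting for comparison" needs.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed sample in the "rank,hostname" layout of Alexa's top-1m.csv (list A).
ALEXA_SAMPLE = "1,search.example\n2,social.example\n3,tube.example\n4,popular.example\n"

# Constructed sample of infected sites (list B), in the mixed forms a crawler emits.
INFECTED_SAMPLE = [
    "http://WWW.Tube.example/gallery?id=1",
    "tube.example",                      # duplicate of the entry above
    "https://popular.example:8443/",
    "obscure-one.example",
    "http://obscure-two.example/landing",
    "obscure-three.example.",            # trailing dot (fully qualified form)
]

def canonical_host(entry):
    """Reduce a URL or bare hostname to a lowercase host for comparison."""
    entry = entry.strip()
    if "://" not in entry:
        entry = "//" + entry             # lets urlsplit treat it as a network location
    host = (urlsplit(entry).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def load_alexa(fileobj, top_n=None):
    """Map hostname -> rank, optionally keeping only the top_n ranks."""
    ranks = {}
    for row in csv.reader(fileobj):
        if len(row) != 2 or not row[0].isdigit():
            continue                     # skip blank or malformed rows
        rank = int(row[0])
        if top_n is None or rank <= top_n:
            ranks[canonical_host(row[1])] = rank
    return ranks

def popularity_given_infection(infected, alexa_ranks):
    """Return (popular infected hosts, share of infected hosts that are popular)."""
    hosts = {canonical_host(e) for e in infected} - {""}
    popular = hosts.intersection(alexa_ranks)
    share = len(popular) / len(hosts) if hosts else 0.0
    return popular, share

if __name__ == "__main__":
    ranks = load_alexa(io.StringIO(ALEXA_SAMPLE))
    popular, share = popularity_given_infection(INFECTED_SAMPLE, ranks)
    print(f"{len(popular)} popular infected hosts, Pr(Popularity|Infection) = {share:.1%}")
```

Deduplicating hostnames before dividing matters here: a site that appears under several URLs would otherwise be counted more than once in both the numerator and the denominator.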

[edit: moved links to bottom in footnote format for better readability]
0 http://weis2010.econinfosec.org/papers/session2/weis2010_wondracek.pdf
1 http://threatpost.com/en_us/blogs/understanding-porn-malware-connections-060810
2 http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
