Thoughts on WEIS 2010

Earlier this week I sat in on the Workshop on the Economics of Information Security.  One of the more lively research papers presented was on insecurities in the online pornography industry.  The paper [0] has also been written about by Threatpost [1].  As noted by Naraine’s article, the team crawled just over 35,000 websites using an automated system.  Interestingly, the team discovered that about 3.23% of those sites were also infected with drive-by downloads.  One aspect of the research I was curious about was the degree to which those infected porn sites were popular.  I spoke with Dr Wondracek after his talk about the possibility of figuring this out.  In my own thesis last semester I discovered that, of the sampled sites we receive from our data partners, less than 3% of those were listed as popular by Alexa.

To determine this, one simply downloads Alexa’s “Top 1,000,000 Websites” list [2] and formats the list appropriately for comparison (Alexa’s list uses canonical hostnames).  Then take the intersection of that list with the list of infected sites (find which hostnames appear on both list A and list B) and use that to create a percentage.  This statistic should answer Pr(Popularity|Infection), the probability of popularity given an infection.
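The comparison described above, as an added example that is not code from the original post or from the paper's authors. It assumes the Alexa file holds `rank,hostname` rows and that the infected-site list arrives as a mix of URLs and bare hostnames; the function names, the choice to strip a leading `www.`, and the sample data are constructed for illustration.

```python
import csv
import io
from urllib.parse import urlsplit

def canonical_host(entry):
    """Reduce a URL or bare hostname to a lowercase host with no port,
    trailing dot, or leading 'www.' (assumed normalization for matching)."""
    entry = entry.strip()
    if not entry:
        return None
    if "://" not in entry:
        entry = "//" + entry            # make urlsplit treat it as a netloc
    try:
        host = urlsplit(entry).hostname  # lowercased, port/credentials dropped
    except ValueError:                   # malformed entry: skip it
        return None
    if not host:
        return None
    host = host.rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host or None

def load_alexa(csv_text):
    """Parse 'rank,hostname' rows into {hostname: best rank}."""
    ranks = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 2 or not row[0].strip().isdigit():
            continue                     # skip headers and damaged rows
        host = canonical_host(row[1])
        if host:
            ranks.setdefault(host, int(row[0]))
    return ranks

def popularity_given_infection(infected_entries, ranks):
    """Return (popular infected hosts, Pr(Popularity|Infection))."""
    infected = {h for h in map(canonical_host, infected_entries) if h}
    popular = infected & set(ranks)      # hostnames on both lists
    share = len(popular) / len(infected) if infected else 0.0
    return popular, share

# Constructed sample data, standing in for top-1m.csv and a crawl result.
ALEXA_SAMPLE = "1,example.com\n2,example.org\n3,popular.example\n"
INFECTED_SAMPLE = [
    "http://www.example.org/gallery/index.html",
    "HTTP://Popular.Example:8080/",
    "infected-one.example",
    "https://infected-two.example./a?b=c",
    "popular.example",                   # duplicate after normalization
]

if __name__ == "__main__":
    hosts, share = popularity_given_infection(INFECTED_SAMPLE, load_alexa(ALEXA_SAMPLE))
    print(sorted(hosts), f"{share:.1%}")
```

Deduplicating on the normalized hostname before dividing matters here: a crawl that records several URLs per site would otherwise inflate the denominator and understate the share.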

[edit: moved links to bottom in footnote format for better readability]
[0] http://weis2010.econinfosec.org/papers/session2/weis2010_wondracek.pdf
[1] http://threatpost.com/en_us/blogs/understanding-porn-malware-connections-060810
[2] http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
