An Agenda for Empirical Cyber Crime Research

Keynote Address given by Stefan Savage, Director of the Collaborative Center for Internet Epidemiology and Defenses (CCIED) and Associate Professor at the University of California, San Diego.

Talk given at the 2011 USENIX Federated Conferences Week, which took place June 14-17, 2011, in Portland, OR.

Abstract:
Computer security is a field that is fundamentally co-dependent—driven to respond by the actions of adversaries. This dance fuels both the research community and a multi-billion-dollar computer security industry. However, to date most efforts have focused on the technical components of this battle: identifying new vulnerabilities, exploits, and attacks, building and deploying new defenses, and so on. In this talk, I will argue for a complementary research agenda based on understanding the business models that drive today's Internet attacks, deconstructing the underlying value chain for attackers and ultimately using this information to better focus on security interventions. I will provide a rough sketch of the modern cyber-criminal ecosystem, describe its dependencies, and highlight some of the key open questions that motivate our focus. Using a range of activities, including our own completed studies, work in progress, and work in development, I'll illustrate how many of these questions can be tackled empirically. Along the way, I'll discuss the real and significant challenges in conducting this sort of research and how we address these issues in practice. Finally, I'll play pundit and predict where the greatest opportunities for impact are likely to be found.

Speaker:
Stefan Savage is a professor of Computer Science and Engineering at the University of California, San Diego. He received his Ph.D. in Computer Science and Engineering from the University of Washington and a B.S. in Applied History from Carnegie Mellon University. Savage's research interests lie at the intersection of distributed systems, networking, and computer security, with a current focus on embedded security and the economics of cybercrime. He currently serves as director of UCSD's Center for Network Systems (CNS) and as co-director for the Cooperative Center for Internet Epidemiology and Defenses (CCIED), a joint effort between UCSD and the International Computer Science Institute. Savage is a fairly down-to-earth guy and only writes about himself in the third person when asked.