Re-evaluating the Wisdom of Crowds in Assessing Web Security

  • Conference paper
Financial Cryptography and Data Security (FC 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7035)

Abstract

We examine the outcomes of the Web of Trust (WOT), a user-based system for assessing web security and find that it is more comprehensive than three automated services in identifying ‘bad’ domains. Similarly to PhishTank, the participation patterns in WOT are skewed; however, WOT has implemented a number of measures to mitigate the risks of exploitation. In addition, a large percentage of its current user inputs are found to be based on objective and verifiable evaluation factors. We also confirm that users are concerned not only about malware and phishing. Online risks such as scams, illegal pharmacies and misuse of personal information are regularly brought up by the users. Such risks are not evaluated by the automated services, highlighting the potential benefits of user inputs. We also find a lack of sharing among the vendors of the automated services. We analyze the strengths and potential weaknesses of WOT and put forward suggestions for improvement.

Editor information

George Danezis

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chia, P.H., Knapskog, S.J. (2012). Re-evaluating the Wisdom of Crowds in Assessing Web Security. In: Danezis, G. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7035. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27576-0_25

  • DOI: https://doi.org/10.1007/978-3-642-27576-0_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27575-3

  • Online ISBN: 978-3-642-27576-0

  • eBook Packages: Computer Science (R0)
