Abstract
Defense begins by identifying the targets likely to yield the greatest reward for an attacker's investment.
- Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M. J.G., Levi, M, Moore, T., and Savage, S. Measuring the cost of cybercrime. In Proceedings of the 11th Annual Workshop on the Economics of Information Security (Berlin, June 25--26, 2012).Google Scholar
- Caballero, J., Grier, C., Kreibich, C., and Paxson, V. Measuring pay-per-install: The commoditization of malware distribution. In Proceedings of the USENIX Security Symposium. USENIX Association, Berkeley, CA, 2011. Google ScholarDigital Library
- Dwork, C. and Naor, M. Pricing via processing or combatting junk mail. In Proceedings of Crypto 1992. Google ScholarDigital Library
- Elmore, J.G., Barton, M.B., Moceri, V.M., Polk, S., Arena, P.J., and Fletcher, S.W. Ten-year risk of false positive screening mammograms and clinical breast examinations. New England Journal of Medicine 338, 16 (1998), 1089--1096.Google ScholarCross Ref
- Florêncio, D. and Herley, C. Is everything we know about password-stealing wrong? IEEE Security & Privacy Magazine (Nov. 2012). Google ScholarDigital Library
- Florêncio, D. and Herley, C. Sex, lies and cyber-crime surveys. In Proceedings of the 10th Workshop on Economics of Information Security (Fairfax, VA, June 14--15, 2011).Google Scholar
- Graff, L., Russell, J., Seashore, J., Tate, J., Elwell, A., Prete, M., Werdmann, M., Maag, R., Krivenko, C., and Radford, M. False-negative and false-positive errors in abdominal pain evaluation failure to diagnose acute appendicitis and unnecessary surgery. Academic Emergency Medicine 7, 11 (2000), 1244--1255.Google ScholarCross Ref
- Herley, C. The plight of the targeted attacker in a world of scale. In Proceedings of the Ninth Workshop on the Economics of Information Security (Boston, June 7--8, 2010).Google Scholar
- Herley, C. Why do Nigerian scammers say they are from Nigeria? In Proceedings of the 11th Annual Workshop on the Economics of Information Security (Berlin, June 25--26, 2012).Google Scholar
- Kanich, C., Weaver, N., McCoy, D., Halvorson, T., Kreibich, C., Levchenko, K., Paxson, V., Voelker, G.M., and Savage, S. Show me the money: Characterizing spam-advertised revenue. In Proceedings of the 20th USENIX Security Symposium (San Francisco, Aug. 8--12). USENIX Association, Berkeley, CA, 2011. Google ScholarDigital Library
- Lampson, B. Usable security: How to get it. Commun. ACM 52, 11 (Nov. 2009), 25--27. Google ScholarDigital Library
- Mitnick, K. and Simon, W.L. The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons, Inc., New York, 2003. Google ScholarDigital Library
- Pfleeger, C.P. and Pfleeger, S.L. Security In Computing. Prentice Hall Professional, 2003. Google ScholarDigital Library
- Schneider, F. Blueprint for a science of cybersecurity. The Next Wave 19, 2 (2012), 47--57.Google Scholar
- van Trees, H.L. Detection, Estimation and Modulation Theory: Part I. John Wiley & Sons, Inc., New York, 1968.Google Scholar
Index Terms
- Security, cybercrime, and scale
Recommendations
Cybercrime, identity theft, and fraud: practicing safe internet - network security threats and vulnerabilities
InfoSecCD '06: Proceedings of the 3rd annual conference on Information security curriculum developmentComputer networks and computer systems are experiencing attacks and threats from many areas. Threats are also extended to include the individual user's computer assets and resources. Information will be presented on the categories of security and ...
Comments