CRCS Privacy and Security Lunch Seminar

Date: Wednesday, April 22, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Stefan Savage

Title: Spamalytics: Exploring the Technical and Economic
Underpinnings of Bulk E-mail Scams

Abstract:   When asked why he robbed banks, Willie Sutton famously responded, “Because that’s where the money is”.  Today, the same sentiment is widely applied to the Internet as well.  The tremendous growth of on-line commerce has made Internet users, their computers and their data a valuable target for criminal actors.  However, in spite of the fact that virtually all on-line crime is economically motivated, the underlying economics are poorly understood and even more poorly quantified.  In this talk I will explore this issue in the context of spam-based advertising, a business whose “return-on- investment” depends both on delivery technology and consumer appetites.  While the security community has traditionally focused on the former issue, producing an arms race between spammer and anti- spammer, the the other half of the spam value proposition is the “conversion rate” — the probability that an unsolicited e-mail will ultimately elicit a “sale”.  In this talk, I will describe a methodology for using parasitic botnet infiltration to empirically infer the delivery and conversion rates of spam campaigns.  I will present a preliminary analysis of over 400 million instrumented spam e-mails across two campaigns and quantify the underlying processes that modulate profits.

Bio: Stefan Savage is an associate professor of Computer Science and Engineering at the University of California, San Diego. He received his Ph.D. in Computer Science and Engineering from the University of Washington and a B.S. in Applied History from Carnegie-Mellon University.  Savage‘s research interests lie at the intersection of operating systems, networking and computer security and he currently serves as director of the Cooperative Center for Internet Epidemiology and Defenses (CCIED), a joint effort between UCSD and the International Computer Science Institute.  Savage is a fairly down-to-earth guy and only writes about himself in the third person when asked.