NSF Awards $10 Million Grant to ICSI and Collaborators to Study Human Element of Cybercrime

September 25, 2012
ICSI, the University of California, San Diego, and George Mason University have received a $10 million, five-year grant from the National Science Foundation to investigate the roles played by economics and social interactions in Internet security.

“Online crime is relentlessly populating a subterranean layer of digital space, during a time when the Internet is playing an increasingly integral and significant part in today’s world economy, as well as many facets of our daily lives. Advanced computer science research has a moral obligation and the right tools to investigate this phenomenon and help prevent its dangers,” said Director Roberto Pieraccini.

“During our earlier work on analyzing the factors that go into making spam a profitable form of cybercrime, we were deeply struck by the significance of the human side of the equation,” said Vern Paxson of ICSI’s Networking Group, one of the leaders of the project and a UC Berkeley professor. “Non-technical considerations span business concerns, issues of trust-amongst-thieves, and the rise of social media as both a new domain that cybercrime is expanding into, and a way to track interactions amongst the criminals themselves.”

Security research has tended to focus on the technologies that enable and defend against attacks. The new project, led by Paxson and Stefan Savage of UC San Diego, emphasizes the profits that motivate the majority of Internet attacks, the elaborate marketplaces that support them, and the relationships among cybercriminals, who rely upon each other for services and expertise.

The Spam Economic Chain
The spam economic chain

Paxson and Savage have a long history of working together on Internet security. In 2004, they established the NSF-funded Center for Internet Epidemiology and Defenses (CCIED), which they have led since then, and more recently they’ve led a large-scale effort funded by the Office of Naval Research on infiltrating the “botnets” that attackers often use for their attacks. Recent results from CCIED include findings that just three banks authorized 95 percent of credit card sales of goods advertised through spam. This kind of research aims to help the fight against spam and malware by exposing weak points in the spam economic chain.

The new project, a natural outgrowth of this, focuses on the human element of cybercrime, including how social media such as Facebook and Twitter provide new opportunities for attacks and manipulation. By better understanding the roles that economics and social interactions play in cybercrime, the researchers say, defenders can identify the most effective opportunities for interventions and defenses.

Read more in the NSF press release.