How to Isotope-Tag a Ghost
Allison Miller
Thursday, April 28, 2011
we don't talk about what we see; we see only what we can talk about
Donella Meadows, Thinking in Systems: A Primer
threat trees
p(x)
p(y)
p(z)
Start
Escalation
Impact
Breach
The Jungle-Gym Effect
The Porous Attack Surface
Enter the Ghosts
an example:
Fraud
F r a u d
Haunted by an old problem
How do we measure things we can’t observe directly?
Like what?
Fraud/Crime
Movement of cash
Underground economy
Direct methods
Samples/Surveys
Intrusive observation
Passive observation
Indirect methods
Gap accounting
Impact indicators
Qualitative modeling
Crime
NCVS is the Nation's primary source of information on criminal victimization.
Sample of 76,000 households & ~135,300 persons
Frequency, characteristics and consequences (crimes in the US)
The survey enables BJS to estimate the likelihood of victimization via categories of violent & property crimes for the population as a whole
Population segments: gender, age, ethnicity, geography
http://bjs.ojp.usdoj.gov/index.cfm?ty=dcdetail&iid=245
[Chart: property crime rates, 1999 to 2008. Series: Total property crime, Burglary, Theft, Motor vehicle theft]
Figure 2. Property crime rates overall fell by 32% from 1999 to 2008
Financial Crimes Report to the Public: 2009 | 2008 | 2007 | 2006 | 2005
Financial Institution Fraud and Failure Reports: 2006-2007 | 2005 | 2004 | 2003 (pdf) | 2002 (pdf) | 2000-2001 (pdf)
Insurance Fraud: Program Overview and Consumer Information
Mass Marketing Fraud: A Threat Assessment, June 2010
Mass Marketing Fraud: Awareness and Prevention Tips
Mortgage Fraud Reports: 2009 | 2008 | 2007 | 2006
National Money Laundering Strategy (pdf)
Securities Fraud: Awareness and Prevention Tips
http://www.fbi.gov/stats-services/publications
2010 Internet Crime Report
www.ic3.gov
Partnership between NW3C/BJA and the FBI
Cybercrime against Businesses, 2005
7,818 businesses in 2005
Data on:
Monetary loss and system downtime
Types of offenders, types of systems affected, vulnerabilities, whether incidents were reported to LE
Highlights:
3,247 businesses incurred loss totaling $867M
Majority of attacks went unreported to LE
http://bjs.ojp.usdoj.gov/index.cfm?ty=pbdetail&iid=769
Cash
Cash movement
Velocity of money
V = Nominal GDP / Money Supply
http://research.stlouisfed.org/fred2/categories/32242
Where’s George?
http://www.wheresgeorge.com/
Shadow
Method | Approach
Direct methods | Surveys
Direct methods | Audits
Indirect methods
Via national accounting | Gap between production & expenditure
Via national accounting | Gap between official & actual labor
Via national accounting | Gap between official & actual income
Monetary statistics | Velocity of M1 (cash/currency)
Monetary statistics | Velocity of major bills
Monetary statistics | Transactions approach
Monetary statistics | Currency demand
Physical input consumption | Electricity consumption
Soft modeling | Cause/effect (DYMIMIC)
The Shadow Economy: An International Study. Cambridge Press. Schneider & Enste (2002)
Changes over time
[Chart: Size of shadow economy as a % of official GNP (cash approach), by country: Belgium, Sweden, Ireland, France, Netherlands, Germany, GB, USA. Series: 1970, 1980, 1994, 1995, 1996, 1997]
Data Source: Schneider & Enste (1998)
Comparing results
[Chart: Size of the shadow economy as % of official GNP, by country: Belgium, Sweden, Ireland, France, Netherlands, Germany, GB, USA. Series: Cash approach (Johnson 1990/93), Cash approach (Schneider 1989/90), Cash approach (Schneider 1990/93), Electricity Consumption (1989/90)]
Data Source: Schneider & Enste (1998)
Method | Example
Direct methods
Samples/Surveys | Crime surveys
Intrusive observation | Tax Audits
Passive observation | Bill tracking
Indirect methods
Gap accounting | Income vs expenditure
System statistics | Velocity of money
Impact indicators | Energy consumption
Qualitative modeling | DYMIMIC
Spam & Phishing
Botnets
Virus & Malware
Spam & Phishing
Botnets
Virus & Malware
Transactional
High-volume
Feedback loop
Centralized collection
Widely distributed
Spam & Phishing
Email ISPs & spam detection
Content segmentation
Metrics on origin, target, intermediaries
Cyclicality, event correlation
Botnets
Virus & Malware
Spam & Phishing
Majority of email is “bad” (~90% Q1 2010)
Malware taking share from spam
Crafted attacks as well as blitzes
Most campaigns are short (<24 hours)
Botnets
Virus & Malware
AV vendors
Software, devices, environments targeted
Mechanism of infection
Payload/impact
Spam & Phishing
Botnets
Virus & Malware
Custom malware
Social networks: Infection mechanism & targets
Drive-bys
Mobile & POS devices
Spam & Phishing
Botnets
Virus & Malware
ISPs, independent researchers
Mechanisms of communication, control
Profiling & tracking (network, victims, targets)
Feature analysis
Performance (attack metrics)
Spam & Phishing
Botnets
Virus & Malware
Packet, Flow, Log (app, A/V, spam) analysis
Machine learning algorithms for IRC-based C&C botnet traffic (Strayer et al)
Clustering analysis for P2P botnet detection (Zeidanloo et al)
DNS analysis & monitoring
Changes in DNS traffic patterns (volume, errors)
Sinkholing (domain name takeovers)
IRC & P2P infiltration
Honeypots
Spam & Phishing
Botnets
Virus & Malware
useful.
Spam & Phishing
Botnets
Virus & Malware
Google Postini Services Spam Trend & Analysis (July 2010, >3B email connections/day)
McAfee Quarterly Threats Report (>20M new malware samples in 2010)
Symantec State of Spam & Phishing, 300M email addresses
Trustwave Global Security Report 2011 (15 billion emails from 2006-10, 220 breach investigations)
ENISA: Botnets: Measurement, Detection, Disinfection and Defence
Method | Example
Direct methods
Samples/Surveys | Spam & Phishing, Virus & Malware
Intrusive observation | Sinkholing, Audits
Passive observation | Honeypots, Flow analysis
Indirect methods
Gap accounting | “Cuckoo’s Egg”
System statistics |
Impact indicators | Breach investigations
Qualitative modeling |
More opportunities for data aggregation
System accounting
Test simple metrics, data sets in experimental models
For existing data-sets: Opportunities to move from transactional to flow-based
Questions?
Allison Miller
@selenakyle
