Spam and Botnet Reputation Randomized Control Trials and Policy

13 Pages. Posted: 2 Apr 2013. Last revised: 16 Aug 2013


John S. Quarterman

Quarterman Creations

Leigh L. Linden

The University of Texas at Austin; National Bureau of Economic Research; Jameel Poverty Action Lab; Innovations for Poverty Action; Institute for the Study of Labor (IZA); Bureau for Research and Economic Analysis of Development (BREAD)

Qian Tang

Singapore Management University - School of Information Systems

Gene Moo Lee

University of British Columbia (UBC) - Sauder School of Business

Andrew B. Whinston

University of Texas at Austin - Department of Information, Risk and Operations Management

Date Written: March 31, 2013

Abstract

Designing randomized control trials (RCT) of reputational effects of spam and botnet rankings as proxies for Internet security has interesting challenges. These challenges are related to the policy issues such reputation is intended to address. Building on preliminary results and the public SpamRankings.net top 10 rankings per country by spam volume from two anti-spam blocklists (see TPRC 2012 [1] and 2011 [2] papers), formal RCT experiments provide another level of evidence. However, using RCT with thousands of organizations in treatment and control groups raises numerous difficulties in non-homogeneous legal and organizational regimes and methods of active disclosure of comparable rankings across peer groups. Fortunately, most of these difficulties can be turned to advantages, and all have policy implications.

These complications, compared to RCTs of more traditional econometric one-shot surveys with single publication, arise because the subject of these field experiments is the live Internet in real time with ongoing updated treatments. The experimental treatments themselves act as information security (infosec), since their purpose is to use reputation to cause internal improvements in infosec in treated companies. Treatments thus must adapt to changes in conditions in the Internet as they happen. Like other infosec, to be effective the treatments must also be portable across departments within treated organizations plus customers and investors, and the experimental team itself crosses Economics, Information Systems, and Computer Science.

If the experiments demonstrate statistical evidence that this reputational approach works, such results will provide a new policy approach of reputational rankings, plus the beginnings of tools to apply that approach, ranging from the public treatments themselves to drilldowns into underlying details of the symptoms causing good or bad reputation.

Difficulties encountered include:

1) Differing sensitivities of different blocklists to spam from certain sources; sensitivities that change over time as the blocklists adapt to new miscreant behavior. Approach: A weighted composite ranking based on both spam volume and spamming address count from at least two different blocklists.

2) Heterogeneity of legal regimes and other characteristics across countries. Approach: Initial experiments within a single country (the U.S.), perhaps followed by clustered RCT using countries as clusters.

3) Availability of organizational characterization information for stratification by industry (finance, medical, etc.) and within industry (ISPs or hosting, telephone company or cable company, etc.). Approach: Start with the U.S., for which this information is relatively readily available in homogeneous form.

4) Public visibility is necessary for reputation so that customers and investors of treated organizations can see the treatments, yet limits flexibility of experimental treatments, since an ongoing, regularly updated treatment once deployed is hard to retract. Approach: Start with a subset of the universe of spamming organizations and deploy more treatments for other organizations later, plus potential additional treatments for already-treated organizations, while tuning existing treatments like product releases.

5) Spammers or bot herders could choose to migrate away from treated organizations to untreated (control) organizations, interfering with independence of treated and control groups. Approach: Use botnet volume and address data to observe whether this actually happens (potential future work).

6) Miscreants may actively retaliate with DDoS or other attacks. Approach: Harden the treatment websites by hosting them in a cloud provided by a very large organization.

7) Many of the most relevant and, we think, potentially effective features of this work are nonobvious to many persons skilled in various arts indigenous to at least seven major markets the work must reach, in academia, inside the treated organizations, and in governance. Designing marketing materials and interaction methods to make the nonobvious obvious is a major part of this work. Specifically, drawing connections from spam as a proxy for underlying security issues to organizational benefits of reputational rankings to societal benefits of active disclosure is quite a challenge for a tiny research organization simulating the sales and marketing (and engineering) departments of a large corporation. Approach: Model on rankings comprehensible to everyone (sports scores), use analogies, emphasize benefits, tailor to specific markets where necessary, provide writeups on the most nonobvious features, such as active vs. passive disclosure.
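
Approaches 1 and 3 in the list above, sketched as an added example (not code from the paper or from SpamRankings.net): a composite score that averages each organization's share of spam volume and spamming-address count across two blocklists, followed by randomized treatment/control assignment stratified by industry. The equal weights, the share-based normalization, the organization names, the blocklist labels and all numbers are assumptions; the page does not give the actual weighting.

```python
import random
from collections import defaultdict

# Constructed sample data: org -> (industry, {blocklist: (spam_volume, spamming_addresses)}).
# Organization names, blocklist labels "A"/"B" and all numbers are invented.
ORGS = {
    "isp-1":  ("isp",     {"A": (9000, 120), "B": (4000, 200)}),
    "isp-2":  ("isp",     {"A": (3000, 300), "B": (6000, 100)}),
    "isp-3":  ("isp",     {"A": (500, 10),   "B": (0, 0)}),
    "isp-4":  ("isp",     {"A": (1500, 40),  "B": (2000, 50)}),
    "bank-1": ("finance", {"A": (200, 5),    "B": (900, 30)}),
    "bank-2": ("finance", {"A": (800, 25),   "B": (100, 20)}),
}
# Assumed weights (not from the paper): spam volume vs. spamming address count.
W_VOLUME, W_ADDRS = 0.5, 0.5

def composite_scores(orgs):
    """Average each org's share of every blocklist's totals, so a blocklist
    that reports larger raw numbers does not dominate the composite."""
    lists = sorted({bl for _, data in orgs.values() for bl in data})
    scores = dict.fromkeys(orgs, 0.0)
    for bl in lists:
        vol_total = sum(d.get(bl, (0, 0))[0] for _, d in orgs.values()) or 1
        adr_total = sum(d.get(bl, (0, 0))[1] for _, d in orgs.values()) or 1
        for name, (_, d) in orgs.items():
            vol, adr = d.get(bl, (0, 0))
            share = W_VOLUME * vol / vol_total + W_ADDRS * adr / adr_total
            scores[name] += share / len(lists)
    return scores

def ranking(scores):
    """Worst (highest composite score) first; ties broken by name."""
    return sorted(scores, key=lambda n: (-scores[n], n))

def stratified_assignment(orgs, seed):
    """Randomly split each industry stratum in half: treatment vs. control."""
    strata = defaultdict(list)
    for name, (industry, _) in sorted(orgs.items()):
        strata[industry].append(name)
    rng, groups = random.Random(seed), {}
    for members in strata.values():
        rng.shuffle(members)
        half = len(members) // 2
        for i, name in enumerate(members):
            groups[name] = "treatment" if i < half else "control"
    return groups
```

In the constructed data, blocklist A alone would rank bank-2 and isp-3 above bank-1 by volume, while the composite places bank-1 above both because blocklist B sees it more heavily.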

This series of experiments is supported by NSF grants 1228990 and 0831338, and the usual disclaimers apply.

Keywords: spam, botnet, reputation, peer influence, RCT, disclosure, economics, law, business, finance

JEL Classification: A12, C12, C32, C93, D62, E61

Suggested Citation

Quarterman, John S. and Linden, Leigh L. and Tang, Qian and Lee, Gene Moo and Whinston, Andrew B., Spam and Botnet Reputation Randomized Control Trials and Policy (March 31, 2013). TPRC 41: The 41st Research Conference on Communication, Information and Internet Policy, Available at SSRN: https://ssrn.com/abstract=2242581 or http://dx.doi.org/10.2139/ssrn.2242581

