The APWG is proud to announce the winners of the best papers submitted to its 2019 Symposium on Electronic Crime Research (APWG eCrime) last month, the world’s only peer-reviewed publishing research conference dedicated exclusively to cybercrime studies.
The 2019 APWG eCrime Best Paper award as determined by the score from the symposium’s review committee was Identifying Unintended Harms of Cybersecurity Countermeasures by lead author Yi Ting Chua of the University of Cambridge and her colleagues from University College London, University of Bristol, University of Florida, University of Luxembourg, Queen Mary University of London, and the University of Cambridge.
APWG eCrime Program Co-Chair Gianluca Stringhini said, “In Identifying Unintended Harms of Cybersecurity Countermeasures, the authors focus on an aspect that is often overlooked when studying potential mitigations for online crime: the fact that these could have unintended consequences that researchers originally did not envision. This paper will help researchers and practitioners in considering these unintended harms in the future.”
Ms. Chua’s paper posits that cybersecurity risk management routines can impose unintended harms to user behaviors, to a system’s users and to the supporting infrastructure. The researchers reviewed a number of Internet-mediated abuses and the remediating techniques used against them to isolate categories of unintended harms they engender. From there, the authors posit a framework of questions for risk managers to use to consider harms in a structured manner.
The 2019 APWG Honorable Mention award was Mapping the Underground: Supervised Discovery of Cybercrime Supply Chains by lead author Rasika Bhalerao of New York University and her colleagues from New York University, University of Cambridge and the International Computer Science Institute (ICSI).
Dr. Stringhini said, “The paper Mapping the Underground: Supervised Discovery of Cybercrime Supply Chains helps ecrime researchers by providing automated tools to identify supply chains on underground forums – which has so far been a tedious manual process.”
Ms. Bhalerao’s paper describes a method for mapping the connections between different products and services offered by criminal enterprises. In order to reduce manual processing for forensic routines, the authors propose a method to automatically extract supply chain connections evident in cybercrime forum posts and replies.
Dr. Stringhini of Boston University said of the overall symposium, “This year’s program was of great quality, with a number of very interesting papers. The two papers that were awarded stood out because of their potential impact to the way in which we perform ecrime research. ”
This, the 14th annual APWG eCrime symposium was held on November 13 – 15 at Carnegie Mellon University, Pittsburgh, PA, USA: https://apwg.org/ecrime2019/
APWG Director and conference General Chair Dr. Brad Wardman said, “The papers we received this year show that the research community has evolved to engage cybercrime as something more than simply a technical problem (i.e. need for taxonomies, better reporting, and deeper understanding of underlying weaknesses and globalized mechanisms to detect and measure cybercrime attacks).
“This year, the submissions clearly tell us we are embracing approaches analogous to public-health models of intervention,” Dr. Wardman said.
A number of papers propose to establish metrics and infrastructure for providing programmatic interventions against the most common cybercrimes, including submissions on: browser and security products’ blocklist monitoring; industry conventions for reporting common cybercrime events; identifying and isolating the most persistent malicious hosting venues; and automated classification of domains employed in phishing attacks.
About the APWG Symposium on Electronic Crime Research
The Symposium on Electronic Crime Research (APWG eCrime), founded in 2006 as the eCrime Researchers Summit, is an annual peer-reviewed conference featuring a comprehensive venue to present basic and applied research into electronic crime and engaging every aspect of its evolution – as well as technologies and techniques for eCrime detection, related forensics and prevention. (A history of the conference is here: http://apwg.org/ecrime-event-about/ ) Since then, what had been an initially technology focused conference has incrementally expanded its CFP to cover behavioral, social, economic, and legal / policy dimensions as well as technical aspects of cybercrime, following the interests of our correspondent investigators, the symposium’s managers as well as the guidance of APWG’s own directors and steering committee members.
Scores of papers exploring these dimensions of cybercrime at APWG eCrime have been published by the IEEE <https://ecrimeresearch.org/ecrime-research-papers/> as well as by Taylor & Francis and the Association of Computing Machinery (in the very earliest years of this conference). With its multi-disciplinary approach, APWG eCrime every year brings together the most heterogeneous community of counter-eCrime researchers and industrial stakeholders to confer over the latest research, and to foster collaborations between the leading investigators in this still nascent field of cybercrime studies.