Academic Cybercrime Papers
Recent academic papers related to cybercrime. All papers are sorted based on the conference name and published year. Welcome to add more published paper to this list.
Table of Listed Conferences
- USENIX Security
- The Web Conference(WWW)
- IEEE Security and Privacy(S&P)
- ACM Internet Measurement Conference(IMC)
- Network and Distributed System Security(NDSS)
- Symposium on Electronic Crime Research(eCrime)
- IEEE European Symposium on Security and Privacy(EuroS&P)
- ACM Conference on Computer and Communications Security(CCS)
USENIX Security
2022
- [Phishing] Phish in Sheep's Clothing: Exploring the Authentication Pitfalls of Browser Fingerprinting
- [Phishing] Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach
2021
- [Phishing] Assessing Browser-level Defense against IDN-based Phishing
- [Phishing] Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages
- [Blackhat SEO] Scalable Detection of Promotional Website Defacements in Black Hat SEO Campaigns
2020
- [Threat Intelligence] A different cup of TI? The added value of commercial threat intelligence
- [Phishing] PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists
- [Phishing] Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale
2019
- [Scam] Users Really Do Answer Telephone Scams
- [Phishing] Cognitive Triaging of Phishing Attacks
- [Cryptojacking] Inadvertently making Cyber Criminals Rich: A Comprehensive Study of Cryptojacking Campaigns at Internet Scale
- [Infrastructure] Platforms in Everything: Analyzing Ground-Truth Data on the Anatomy and Economics of Bullet-Proof Hosting
2018
- [Card Skimmers] Fear the Reaper: Characterization and Fast Detection of Card Skimmers
- [Dark Jargons] Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces
- [Anonymous Markets] Plug and prey? measuring the commoditization of cybercrime via online anonymous markets
2018
- [Botnet] Understanding the Mirai Botnet
2016
- [Blackhat SEO] The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO
2015
- [Social Engineering] WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths
WWW
2020
- [Cryptojacking] MineThrottle: Defending against Wasm In-Browser Cryptojacking
2019
- [Cryptojacking] Outguard: Detecting In-Browser Covert Cryptocurrency Mining in the Wild
- [Phishing] Doppelgängers on the Dark Web: A Large-scale Assessment on Phishing Hidden Web Services
2018
- [Spam] Collective Classification of Spam Campaigners on Twitter: A Hierarchical Meta-Path Based Approach
2017
- [Phishing] Tracking Phishing Attacks Over Time
S&P
2022
- [Scam] Analyzing Ground-Truth Data of Mobile Gambling Scams
- [Phishing] Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
2021
2019
- [APT] HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows
- [Phishing] PhishFarm: A Scalable Framework for Measuring the Effectiveness of Evasion Techniques Against Browser Phishing Blacklists
- [Infrastructure] Resident Evil: Understanding Residential IP Proxy as a Dark Service
- [Search Engine] Measuring and Analyzing Search Engine Poisoning of Linguistic Collisions
2018
- [Scam] Surveylance: Automatically Detecting Online Survey Scams
- [Value Chain] Tracking Ransomware End-to-end
2017
- [Dark Jargons] How to learn klingon without a dictionary: Detection and measurement of black keywords used by the underground economy
- [Infrastructure] Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks
2016
- [Spam] SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam
- [Blackhat SEO] Seeking nonsense, looking for trouble: Efficient promotional-infection detection through semantic inconsistency search
- [SMS] Sending out an sms: Characterizing the security of the sms ecosystem with public gateways
2015
- [Typosquatting] Every second counts: Quantifying the negative externalities of cybercrime via typosquatting
IMC
2022
2020
- [Phishing] Are You Human?: Resilience of Phishing Detection to Evasion Techniques Based on Human Verification
2018
NDSS
2023
2022
- [Blackhat SEO] Demystifying Local Business Search Poisoning for Illicit Drug Promotion
- [Cryptojacking] [A Lightweight IoT Cryptojacking Detection Mechanism in Heterogeneous Smart Home Networks]
2021
- [Fraud] Understanding and Detecting International Revenue Share Fraud
- [Cryptojacking] MINOS*: A Lightweight Real-Time Cryptojacking Detection System
- [Forensic] C^2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis
- [Fraud] The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud
- [CyberBulling] Towards Understanding and Detecting Cyberbullying in Real-world Images
2020
- [Fraud] Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals
- [Botnet] A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints
2019
- [Dark Web] Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web
- [Botnet] Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai
- [Botnet] Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet
- [Measurement] Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs
2018
2017
- [Scam] Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
- [Fake Base Station] FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild
2016
2015
- [Typosquatting] Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse
- [Measurement] Parking Sensors: Analyzing and Detecting Parked Domains
- [Telephone] Phoneypot: Data-driven Understanding of Telephony Threats
eCrime
2020
2019
2018
- [Phishing] Inside a Phisher’s Mind: Understanding the Anti-phishing Ecosystem Through Phishing Kit Analysis
EuroSP
2017
CCS
2022
- [Spam] Clues in Tweets: Twitter-Guided Discovery and Analysis of SMS Spam
- [Phishing] Phishing URL Detection: A Network-based Approach Robust to Evasion
- [Phishing] I’m SPARTACUS, No, I’m SPARTACUS: Proactively Protecting Users From Phishing by Intentionally Triggering Cloaking Behavior
- [Financial Relations] Watch Your Back: Identifying Cybercrime Financial Relationships in Bitcoin through Back-and-Forth Exploration
2021
- [Fraud] Dissecting Click Fraud Autonomy in the Wild
- [Fraud] Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic
- [Phishing] Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits
2020
- [Botnet] Examining Mirai’s Battle over the Internet of Things
- [Phishing] VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity
- [Spam] Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China
- [APT] Mnemosyne: An Effective and Efficient Postmortem Watering Hole Attack Investigation System
- [Infrastructure] Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale
2019
- [Cryptojacking] Poster: Detecting WebAssembly-based Cryptocurrency Mining
- [Cryptojacking] Just the Tip of the Iceberg: Internet-Scale Exploitation of Routers for Cryptojacking
2018
- [Cryptojacking] How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World
- [Cryptojacking] MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense
2017
- [Underground Ecosystem] Data Breaches, Phishing, or Malware?: Understanding the Risks of Stolen Credentials
2016
- [Fraud] Over-The-Top Bypass: Study of a Recent Telephony Fraud
- [Phishing] PhishEye: Live Monitoring of Sandboxed Phishing Kits
- [Threat Intelligence] Acing the ioc game: Toward automatic discovery and analysis of open-source cyber threat intelligence