Important News - WACCO is co-hosted with CACOE
This year WACCO is co-hosted with the 2021 Workshop Cyber Range Technologies and Applications (CACOE).
More info on CACOE can be found here.
The emergence and commoditization of cyber-criminal activities calls for new empirical methods, measures, and technologies to quantify and understand offender operations across all forms of cyber-crime: from malware engineering and attack delivery, to running underground operations trading illegal goods such as drugs and illegal pornography, to spreading disinformation and planning (cyber-)terrorism operations. Without appropriate scientific measures of cyber-offender and attacker operations, capabilities, and resources, it remains impossible to derive sound policies, strategies and technologies that appropriately address realistic and evidence-based attacker and offender models.
The 3rd Workshop on Attackers and Cyber-Crime Operations (WACCO 2021) aims to provide a venue for research and discussion on cyber-criminal activities. WACCO 2021 is co-located with the 6th IEEE European Symposium on Security and Privacy (EuroS&P 2021).
Call for Papers
WACCO 2021 calls for all contributions aiming at providing methods, measures, metrics, and technologies or tools to quantitatively or qualitatively evaluate cyber-offenders and attackers from technical and non-technical angles. The workshop invites contributions from, but not limited to, the fields of computer science and computer security, criminology, psychology, law, and economics addressing this issue.
Topics of interest include, but are not limited to:
- Empirical studies on attacker operations and communities
- Novel methods to perform attacker measurements at scale across several communities
- Cooperation and trust as a source of attackers’ effectiveness
- Attackers’ skill set
- Attackers’ operational security
- Measuring the spread of false information campaigns on social media
- Quantitative and qualitative methods to measure, track, and counter cybercrime
- Cybercrime measurement and networks
- Cybercrime policy
- Economics of cybercrime
- Profiling of cybercriminals
- Security metric design and evaluation
- Security patch measurement
- Statistical exploration and prediction of security incidents
- Open Source INTelligence (OSINT) and digital footprints
The workshop is co-located with the 6th IEEE European Symposium on Security and Privacy (EuroS&P 2021).
Important Dates
All deadlines are Anywhere on Earth (AoE = UTC-12h).
Paper submission due | |
Early rejection notification due | June 16, 2021 |
Rebuttal phase | June 16-18, 2021 |
Acceptance notice to authors | July 2, 2021 |
Publication-ready papers submitted | July 16, 2021 |
Virtual Workshop | September 7, 2021 |
Accepted Papers
Full Papers:
-
Get Rich or Keep Tryin' - Trajectories in dark net market vendor careers
Tim Booij, Thijmen Verburgh, Federico Falconieri, and Rolf van Wegberg
-
Exploring Cybercrime Disruption through Laboratory Experiments
Lonie Sebagh, Jonathan Lusthaus, Edoardo Gallo, Federico Varese, and Sean Sirur
-
Dissecting Social Engineering Attacks Through the Lenses of Cognition
Pavlo Burda, Luca Allodi, and Nicola Zannone
-
Cybercrime Specialization: An Exposé of a Malicious Android Obfuscation-as-a-Service
Vit Sembera, Masarah Paquet-Clouston, Sebastian Garcia, and Maria-Jose Erquiaga
-
Follow the money: The relationship between currency exchange and illicit behaviour in an underground forum
Gilberto Atondo Siu, Ben Collier, and Alice Hutchings
-
Modelling the Cybercrime Cascade Effect in Data Crime
Maria Grazia Porcedda, and David S Wall
-
The Impact of Adverse Events in Darknet Markets: an Anomaly Detection Approach
Ziauddin Ursani, Claudia Peersman, Matthew Edwards, Chao Chen, and Awais Rashid
-
Modelling Disruptive APTs targetting Critical Infrastructure using Military Theory
Yoram Meijaard, Peter-Paul Meiler, and Luca Allodi
Program
The workshop will have live talks (15 minutes presentation + 5 minutes Q&A). We will run a modified version of REFSQ where authors are asked to bootstrap the discussion with questions to other fellow presenters in a session.
Welcome and opening remarks
10:00 - 10:10 (Timezone: CEST (UTC+02:00))
Session 1: Cybercrime and experimentation
10:10 - 11:05 (Timezone: CEST (UTC+02:00))
Exploring Cybercrime Disruption through Laboratory Experiments
10:10 - 10:30
Lonie Sebagh, Jonathan Lusthaus, Edoardo Gallo, Federico Varese, and Sean Sirur
Abstract
Dissecting Social Engineering Attacks Through the Lenses of Cognition
10:30 - 10:50
Pavlo Burda, Luca Allodi, and Nicola Zannone
Abstract
Break & Discussion
10:50 - 11:05
Session 2: Modelling cybercrime and offensive operations
11:05 - 12:00 (Timezone: CEST (UTC+02:00))
Modelling the Cybercrime Cascade Effect in Data Crime
11:05 - 11:25
Maria Grazia Porcedda, and David S Wall
Abstract
Modelling Disruptive APTs targetting Critical Infrastructure using Military Theory
11:25 - 11:45
Yoram Meijaard, Peter-Paul Meiler, and Luca Allodi
Abstract
Break & Discussion
11:45 - 12:00
Session 3: Cybercrime ecosystem...
12:00 - 12:40 (Timezone: CEST (UTC+02:00))
Follow the money: The relationship between currency exchange and illicit behaviour in an underground forum
12:00 - 12:20
Gilberto Atondo Siu, Ben Collier, and Alice Hutchings
Abstract
Get Rich or Keep Tryin' - Trajectories in dark net market vendor careers
12:20 - 12:40
Tim Booij, Thijmen Verburgh, Federico Falconieri, and Rolf van Wegberg
Abstract
Discussion & lunch break
12:40 - 14:10 (Timezone: CEST (UTC+02:00))
Session 4: ...and Investigations
14:10 - 15:00 (Timezone: CEST (UTC+02:00))
Cybercrime Specialization: An Exposé of a Malicious Android Obfuscation-as-a-Service
14:10 - 14:30
Vit Sembera, Masarah Paquet-Clouston, Sebastian Garcia, and Maria-Jose Erquiaga
Abstract
The Impact of Adverse Events in Darknet Markets: an Anomaly Detection Approach
14:30 - 14:50
Ziauddin Ursani, Claudia Peersman, Matthew Edwards, Chao Chen, and Awais Rashid
Abstract
Break & Discussion
14:50 - 15:00
Keynote
15:00 - 15:50 (Timezone: CEST (UTC+02:00))
A deep dive in the deep web: Insights from ten years of online anonymous marketplace measurements - Abstract
15:00 - 15:40
Nicolas Christin
Founded in 2011, Silk Road was the first online anonymous marketplace, in which buyers and sellers could transact with anonymity guarantees far superior to those available in online or offline alternatives, thanks to the innovative use of cryptocurrencies and network anonymization. Business on Silk Road, primarily involving narcotics trafficking, was brisk and before long competitors appeared. After Silk Road was taken down by law enforcement, a dynamic ecosystem of online anonymous marketplaces emerged. That ecosystem is highly active, to this day, and has been surprisingly resilient to multiple law enforcement take down operations as well as "exit scams," in which the operators of a marketplace abruptly abscond with any money left on the platform. I will describe insights gained from ten years of active measurement of the online anonymous market ecosystem. More precisely, I will highlight the scientific challenges in collecting such data at scale. I will discuss how overall revenues have steadily grown year after year, and describe the leading types of commerce taking place on these markets. I will then briefly focus on the role online anonymous markets play in cybercrime commoditization. Last, I will explain our efforts on matching a priori disparate vendor handles to unique individuals, and on detecting impersonation attacks. This will help me introduce some of the research avenues we are currently pursuing.
Break & Discussion
15:40 - 15:50
Session 5: Cyber Range Technologies
CACOE Session, more info here.
15:50 - 16:45 (Timezone: CEST (UTC+02:00))
Cybersecurity Test Range for Autonomous Vehicle Shuttles
15:50 - 16:10
Andrew Roberts, Nikita Snetkov and Olaf Maennel
Abstract
Ontology-Based Scenario Modeling for Cyber Security Exercise
16:10 - 16:30
Shao-Fang Wen, Muhammad Mudassar Yamin and Basel Katt
Abstract
Break & Discussion
16:30 - 16:45
Session 6: Cyber Range Applications
CACOE Session, more info here.
16:45 - 17:45 (Timezone: CEST (UTC+02:00))
Success Factors for Designing a Cybersecurity Exercise on the Example of Incident Response
16:45 - 17:05
Sten Mäses, Kaie Maennel, Mascia Toussaint and Veronica Rosa
Abstract
Invited Talk: The Role of Testbeds in Cybersecurity Experimentation
17:05 - 17:35
Terry Benzel
Abstract
Farewell
17:35 - 17:45
Review Model
Open reports
WACCO promotes an open and transparent review process. Reviews of accepted papers will be published together with the papers and archived in a public github repository associated with WACCO. A link to that repository must be included in all accepted submissions. The reasons why WACCO implements an open report model are the following:
- It documents why the paper was considered positively to contribute to the larger scientific domain it pertains to;
- It provides a critique useful to better delineate research limitations and scope, which can be of particular benefit to young researchers and students alike;
- It provides a structural incentive for reviewers to write constructive and clear reviews;
- It provides a structural incentive for authors to implement reviewer recommendations for the camera-ready version of their paper;
- It provides a critical viewpoint for future work and research follow-ups;
- It provides additional transparency to the quality of the adopted review process and its outcomes.
Early-reject and rebuttals
Early rejections integrated with a rebuttal period have the combined benefit of:
- Providing quick, constructive feedback to early-stage work that needs substantial improvement before acceptance;
- Alleviating voluntarily workload from the PC;
- Implement a communication channel between reviewers and authors enabling fairer evaluations.
The review cycle at WACCO is therefore divided in two phases:
- 1st phase: all submitted papers will receive at least two reviews; those for which the PC, after a discussion involving also the chairs, see no way forward will be given an early rejection notification together with the received reviews and a summary from the chairs on the reasons for the early rejection.
- 2nd phase: all papers that are not early-rejected can optionally provide a rebuttal to address factual misunderstandings in the paper. The rebuttals will be read by the phase 1 reviewers, who can then modify or update their feedback, and will be in input to a third, new reviewer for an additional 2nd phase review.
Submission
WACCO encourages submission of full papers and position papers from academia, industry, and government. They should present interesting results for both theory and experimentation in the area of attacker and cyber-crime operations. We also particularly welcome independent reproduction of previous studies or experiments or negative results. We expect full papers to be of 10 pages in length (IEEE Format). Longer papers that document extensive experimentation are full in scope (which could be described in annex of the main body of the paper). Position papers of around 4 pages in length should present new open and interesting questions that the community should address or open questions that past research papers have not yet addressed. We expect position papers to be presented in panels or poster-platform sessions.
Anonymous submissions
Papers should be fully anonymized before review: author names or affiliations may not appear or be revealed in the text. Previous work of the authors should be referred to the third person. In the unusual case that an anonymous reference is not possible, the authors should blind the reference (e.g. “[x] Blinded citation to preserve submission anonymity”). Papers that are not properly anonymized may be desk rejected.
Submission of work that has been previously presented at conferences without proceedings, even if that work is associated with the names of the authors, or is published on online repositories such as ArXiv.org or SSRN, is allowed as long as the submission is fully anonymized. PC members that may recognize the work and its authors are asked to declare conflict on that paper and will not be assigned to it.
Publications
All papers will be published by IEEE CS and posted on the IEEE digital libraries. All authors of accepted papers are expected to present their paper at the workshop.
Submission site
Please submit your paper through EasyChair here.
Organization Committees
Program Co-chairs
Luca Allodi | Eindhoven University of Technology |
Alice Hutchings | University of Cambridge |
Sergio Pastrana | University Carlos III of Madrid |
Publicity and Publication Co-chairs
Publicity Chair | Pavlo Burda | Eindhoven University of Technology |
Publication Chair | José Cabrero Holgueras | CERN and University Carlos III of Madrid |
Publicity Chair | Michele Campobasso | Eindhoven University of Technology |
Program Committee
- Maria Bada, University of Cambridge
- Benoît Dupont, University of Montreal
- Rutger Leukfeldt, NSCR
- Rebekah Overdorf, École Polytechnique Fédérale de Lausanne
- Sasha Romanosky, RAND
- Gianluca Stringhini, Boston University
- Gang Wang, University of Illinois
- Marleen Weulen Kranenbarg, Vrije Universiteit Amsterdam
- Dmitry Zhdanov, Georgia State University
- Will Scott, University of Michigan
- Carlos Gañán, Delft University of Technology
- Tom Van Goethem, KU Leuven
- Jorge Blasco Alís, Royal Holloway University of London
- Ben Collier, University of Cambridge
- Guillermo Suarez-Tangil, IMDEA Networks Institute
- Juan Tapiador, University Carlos III of Madrid
- Daniel R. Thomas, University of Strathclyde
- Giorgio Di Tizio, University of Trento
- Veronica Valeros, Czech Technical University in Prague
- Nick Nikiforakis, Stony Brook University
- Jonathan Lusthaus, Oxford University
- Jeroen van der Ham, NCSC
Registration
The workshop is co-located with the 6th IEEE European Symposium on Security and Privacy (EuroS&P 2021). To register please visit the registration page of the main event.