Publications

Replication datasets have been made available where possible. To view public datasets, visit the Security Economics Lab Dataverse.

[1] Daniel W. Woods and Tyler Moore. Does insurance have a future in governing cybersecurity? IEEE Security & Privacy, 18(1), 2020. [ bib | paper ]
[2] Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Carlos Ganan, Tom Grasso, Michael Levi, Tyler Moore, Stefan Savage, and Marie Vasek. Measuring the changing cost of cybercrime. In 18th Workshop on the Economics of Information Security (WEIS), 2019. [ bib | paper ]
[3] Tyler Moore, Erin Kenneally, Michael Collett, and Prakash Thapa. Valuing cybersecurity research datasets. In 18th Workshop on the Economics of Information Security (WEIS), 2019. [ bib | paper | presentation ]
[4] JT Hamrick, Farhang Rouhi, Arghya Mukherjee, Amir Feder, Neil Gandal, Tyler Moore, Marie Vasek, Neil Gandal, and Marie Vasek. The economics of cryptocurrency pump and dump schemes. In 18th Workshop on the Economics of Information Security (WEIS), 2019. [ bib | paper ]
[5] Daniel W. Woods, Tyler Moore, and Andrew C. Simpson. The county fair cyber loss distribution: Drawing inferences from insurance prices. In 18th Workshop on the Economics of Information Security (WEIS), 2019. [ bib | paper ]
[6] Tyler Moore, Nicolas Christin, and Janos Szurdi. Revisiting the risks of bitcoin currency exchange closure. ACM Transactions on Internet Technology, 18(4):50:1--50:18, September 2018. [ bib | DOI | paper | publisher ]
[7] Neil Gandal, JT Hamrick, Tyler Moore, and Tali Obermann. Price manipulation in the Bitcoin ecosystem. Journal of Monetary Economics, 95:86--96, May 2018. [ bib | DOI | appendix | paper ]
[8] Amir Feder, Neil Gandal, JT Hamrick, Tyler Moore, and Marie Vasek. The rise and fall of cryptocurrencies. In 17th Workshop on the Economics of Information Security (WEIS), 2018. [ bib | paper | presentation ]
[9] Muwei Zheng, Hannah Robbins, Zimo Chai, Prakash Thapa, and Tyler Moore. Cybersecurity research datasets: Taxonomy and empirical analysis. In 11th USENIX Workshop on Cyber Security Experimentation and Test (CSET 18), Baltimore, MD, 2018. USENIX Association. [ bib | data | paper | publisher | presentation ]
[10] Marie Vasek and Tyler Moore. Analyzing the Bitcoin Ponzi scheme ecosystem. In Fifth Workshop on Bitcoin and Blockchain Research, Lecture Notes in Computer Science. Springer, 2018. [ bib ]
[11] Jonathan M. Spring, Tyler Moore, and David Pym. Practicing a science of security: A philosophy of science perspective. In New Security Paradigms Workshop (NSPW). ACM, 2017. [ bib | paper ]
[12] Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, and Michel van Eeten. Herding vulnerable cats: A statistical approach to disentangle joint responsibility for web security in shared hosting. In ACM SIGSAC Conference on Computer and Communications Security, CCS '17. ACM, 2017. [ bib | paper ]
[13] Joshua Rovner and Tyler Moore. Does the internet need a hegemon? Journal of Global Security Studies, 2(3):184--203, 2017. [ bib | DOI | paper ]
[14] Jake Drew, Michael Hahsler, and Tyler Moore. Polymorphic malware detection using sequence classification methods and ensembles. EURASIP Journal on Information Security, 2017(1):2, 2017. [ bib | publisher ]
[15] Mohammad Hanif Jhaveri, Orcun Cetin, Carlos Gañán, Tyler Moore, and Michel Van Eeten. Abuse reporting and the fight against cybercrime. ACM Computing Surveys (CSUR), 49(4):68, 2017. [ bib | paper | publisher ]
[16] Jake Drew, Michael Hahsler, and Tyler Moore. Polymorphic malware detection using sequence classification methods. In Workshop on Bio-inspired Security, Trust, Assurance and Resilience (BioStar), IEEE Security and Privacy Workshops (SPW), pages 81--87. IEEE, May 2016. [ bib | DOI | paper ]
[17] Orcun Cetin, Mohammad Hanif Jhaveri, Carlos Gañán, Michel van Eeten, and Tyler Moore. Understanding the role of sender reputation in abuse reporting and cleanup. Journal of Cybersecurity, 2(1):83--98, 2016. [ bib | publisher ]
[18] Marie Vasek, Matthew Weeden, and Tyler Moore. Measuring the impact of sharing abuse data with web hosting providers. In ACM Workshop on Information Sharing and Collaborative Security, pages 71--80. ACM, 2016. [ bib | paper | publisher | presentation ]
[19] Amir Feder, Neil Gandal, JT Hamrick, and Tyler Moore. The impact of DDoS and other security shocks on Bitcoin currency exchanges: Evidence from Mt. Gox. In 15th Workshop on the Economics of Information Security (WEIS), 2016. [ bib | paper | presentation ]
[20] Tyler Moore, Scott Dynes, and Frederick Chang. Identifying how firms manage cybersecurity investment. In 15th Workshop on the Economics of Information Security (WEIS), 2016. [ bib | paper | presentation ]
[21] Rainer Böhme and Tyler Moore. The “iterated weakest link” model of adaptive security investment. Journal of Information Security, 7(2):81--102, 2016. [ bib | paper | publisher ]
[22] Markus Riek, Rainer Böhme, and Tyler Moore. Measuring the influence of perceived cybercrime risk on online service avoidance. IEEE Transactions on Dependable and Secure Computing, 13(2):261--273, 2016. [ bib | paper | publisher ]
[23] Marie Vasek, John Wadleigh, and Tyler Moore. Hacking is not random: a case-control study of webserver-compromise risk. IEEE Transactions on Dependable and Secure Computing, 13(2):206--219, 2016. [ bib | paper | publisher ]
[24] Marie Vasek, Joseph Bonneau, Ryan Castellucci, Cameron Keith, and Tyler Moore. The Bitcoin brain drain: Examining the use and abuse of Bitcoin brain wallets. In Financial Cryptography and Data Security, Lecture Notes in Computer Science. Springer, 2016. [ bib | paper | presentation ]
[25] Tyler Moore, Scott Dynes, and Frederick Chang. Identifying how firms manage cybersecurity investment. Technical Report DDI-TR-1001, Darwin Deason Institute for Cyber Security, Southern Methodist University, October 2015. [ bib | paper ]
[26] John Wadleigh, Jake Drew, and Tyler Moore. The e-commerce market for “lemons”: Identification and analysis of websites selling counterfeit goods. In International World Wide Web Conference (Security and Privacy Track), pages 1188--1197. ACM, May 2015. [ bib | paper | publisher ]
[27] Fumiko Hayashi Tyler Moore and Richard J. Sullivan. The economics of retail payments security. In Fifth International Payments Policy Conference: The Puzzle of Payments Security, Federal Reserve Bank of Kansas City, 2015. [ bib | paper | presentation ]
[28] Rainer Böhme, Nicolas Christin, Benjamin Edelman, and Tyler Moore. Bitcoin: Economics, technology, and governance. Journal of Economic Perspectives, 29(2):213--38, 2015. [ bib | DOI | publisher ]
[29] Marie Vasek and Tyler Moore. There's no free lunch, even using Bitcoin: Tracking the popularity and profits of virtual currency scams. In Rainer Böhme and Tatsuaki Okamoto, editors, Financial Cryptography and Data Security, volume 8975 of Lecture Notes in Computer Science, pages 44--61. Springer, January 2015. [ bib | DOI | paper | publisher ]
[30] Tyler Moore and Richard Clayton. Which malware lures work best? measurements from a large instant messaging worm. In APWG Symposium on Electronic Crime Research. IEEE, 2015. [ bib | paper ]
[31] Orcun Cetin, Mohammad Hanif Jhaveri, Carlos Ganan, Michel van Eeten, and Tyler Moore. Understanding the role of sender reputation in abuse reporting and cleanup. In Workshop on the Economics of Information Security, 2015. [ bib | paper ]
[32] Richard Clayton, Tyler Moore, and Nicolas Christin. Concentrating correctly on cybercrime concentration. In Workshop on the Economics of Information Security, 2015. [ bib | paper | publisher ]
[33] Marie Vasek and Tyler Moore. Identifying risk factors for webserver compromise. In Financial Cryptography and Data Security, volume 8437 of Lecture Notes in Computer Science, pages 326--345. Springer, March 2014. [ bib | data | paper | publisher ]
[34] Tyler Moore and Richard Clayton. The ghosts of banking past: Empirical analysis of closed bank websites. In Financial Cryptography and Data Security, volume 8437 of Lecture Notes in Computer Science, pages 33--48. Springer, March 2014. [ bib | data | paper | publisher | presentation ]
[35] Benjamin Johnson, Aron Laszka, Jens Grossklags, Marie Vasek, and Tyler Moore. Game-theoretic analysis of DDoS attacks against Bitcoin mining pools. In 1st Workshop on Bitcoin Research, volume 8438 of Lecture Notes in Computer Science, pages 72--86. Springer, March 2014. [ bib | paper | publisher ]
[36] Marie Vasek, Micah Thornton, and Tyler Moore. Empirical analysis of denial-of-service attacks in the Bitcoin ecosystem. In 1st Workshop on Bitcoin Research, volume 8438 of Lecture Notes in Computer Science, pages 57--71. Springer, March 2014. [ bib | data | paper | publisher ]
[37] Jake Drew and Tyler Moore. Optimized combined clustering methods for finding replicated criminal websites. EURASIP Journal on Information Security, 2014(14), 2014. [ bib | paper ]
[38] Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. A nearly four-year longitudinal study of search-engine poisoning. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, pages 930--941, New York, NY, USA, 2014. ACM. [ bib | DOI | paper | publisher ]
[39] Jake Drew and Tyler Moore. Automatic identification of replicated criminal websites using combined clustering. In International Workshop on Cyber Crime (IWCC), IEEE Security and Privacy Workshops. IEEE, 2014. [ bib | paper ]
[40] Markus Riek, Rainer Böhme, and Tyler Moore. Understanding the influence of cybercrime risk on the e-service adoption of European Internet users. In 13th Annual Workshop on the Economics of Information Security (WEIS), 2014. [ bib | paper ]
[41] Marie Vasek and Tyler Moore. Empirical analysis of factors affecting malware URL detection. In 8th APWG eCrime Researchers Summit (eCrime), September 2013. [ bib | paper ]
[42] Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. Pick your poison: Pricing and inventories at unlicensed online pharmacies. In ACM Conference on Electronic Commerce (EC), pages 621--638. ACM, June 2013. [ bib | paper | publisher ]
[43] Tyler Moore and Nicolas Christin. Beware the middleman: Empirical analysis of Bitcoin-exchange risk. In Financial Cryptography and Data Security, volume 7859 of Lecture Notes in Computer Science, pages 25--33. Springer, April 2013. [ bib | data | paper | publisher | presentation ]
[44] Steve Papa, William Casper, and Tyler Moore. Securing wastewater facilities from accidental and intentional harm: a cost-benefit analysis. International Journal of Critical Infrastructure Protection, 6(2):96--106, 2013. [ bib | paper | publisher ]
[45] Rainer Böhme and Tyler Moore. How do consumers react to cybercrime? In APWG eCrime Researchers Summit (eCrime), October 2012. [ bib | paper | presentation ]
[46] Tyler Moore and Richard Clayton. Discovering phishing dropboxes using email metadata. In 7th APWG eCrime Researchers Summit (eCrime), October 2012. [ bib | paper | presentation ]
[47] Tyler Moore and Ross Anderson. Internet security. In Martin Peitz and Joel Waldfogel, editors, The Oxford Handbook of the Digital Economy, pages 572--599. Oxford University Press, 2012. [ bib | paper | publisher ]
[48] Susan Landau and Tyler Moore. Economic tussles in federated identity management. First Monday, 17(10), 2012. [ bib | publisher | presentation ]
[49] Tyler Moore, Jie Han, and Richard Clayton. The postmodern Ponzi scheme: Empirical analysis of high-yield investment programs. In Angelos D. Keromytis, editor, Financial Cryptography and Data Security, volume 7397 of Lecture Notes in Computer Science, pages 41--56. Springer, 2012. [ bib | paper | publisher | presentation ]
[50] Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Michael van Eeten, Michael Levi, Tyler Moore, and Stefan Savage. Measuring the cost of cybercrime. In 11th Annual Workshop on the Economics of Information Security (WEIS), 2012. [ bib | paper | presentation ]
[51] Marie Vasek and Tyler Moore. Do malware reports expedite cleanup? An experimental study. In Proceedings of the 5th USENIX Workshop on Cyber Security Experimentation and Test, CSET'12, Berkeley, CA, USA, 2012. USENIX Association. [ bib | data | paper | publisher | presentation ]
[52] Benjamin Edwards, Tyler Moore, George Stelle, Steven A. Hofmeyr, and Stephanie Forrest. Beyond the blacklist: Modeling malware spread and the effect of interventions. In Proceedings of the New Security Paradigms Workshop, Bertinoro, Italy, September 19-21, 2012. ACM, 2012. [ bib | paper ]
[53] Tyler Moore and Richard Clayton. The impact of public information on phishing attack and defense. Communications & Strategies, 1(81):45--68, 2011. [ bib | paper | publisher ]
[54] Tyler Moore and Richard Clayton. Ethical dilemmas in take-down research. In George Danezis, Sven Dietrich, and Kazue Sako, editors, Workshop on the Ethics of Computer Security Research (Financial Cryptography Workshops), volume 7126 of Lecture Notes in Computer Science, pages 154--168. Springer, 2011. [ bib | paper | publisher | presentation ]
[55] Susan Landau and Tyler Moore. Economic tussles in federated identity management. In 10th Annual Workshop on the Economics of Information Security (WEIS), 2011. [ bib | publisher | presentation ]
[56] Steven A. Hofmeyr, Tyler Moore, Stephanie Forrest, Benjamin Edwards, and George Stelle. Modeling internet-scale policies for cleaning up malware. In 10th Annual Workshop on the Economics of Information Security (WEIS), 2011. [ bib | paper | publisher ]
[57] Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade. In USENIX Security Symposium. USENIX Association, 2011. [ bib | paper | publisher ]
[58] Tyler Moore, Nektarios Leontiadis, and Nicolas Christin. Fashion crimes: trending-term exploitation on the web. In Yan Chen, George Danezis, and Vitaly Shmatikov, editors, ACM Conference on Computer and Communications Security (CCS), pages 455--466. ACM, 2011. [ bib | paper | publisher | presentation ]
[59] Tyler Moore. The economics of cybersecurity: Principles and policy options. In Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, pages 3--23. The National Academies Press, 2010. [ bib | publisher ]
[60] Tal Moran and Tyler Moore. The phish-market protocol: Secure sharing between competitors. IEEE Security & Privacy, 8(4):40--45, 2010. [ bib | paper | publisher ]
[61] Rainer Böhme and Tyler Moore. The iterated weakest link. IEEE Security & Privacy, 8(1):53--55, 2010. [ bib | paper | publisher ]
[62] Tyler Moore. The economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection, 3(3--4):103 -- 117, 2010. [ bib | DOI | paper | publisher ]
[63] Tyler Moore and Benjamin Edelman. Measuring the perpetrators and funders of typosquatting. In Radu Sion, editor, Financial Cryptography and Data Security, volume 6052 of Lecture Notes in Computer Science, pages 175--191. Springer, 2010. [ bib | data | paper | publisher | presentation ]
[64] Tal Moran and Tyler Moore. The phish-market protocol: Securely sharing attack data between competitors. In Radu Sion, editor, Financial Cryptography and Data Security, volume 6052 of Lecture Notes in Computer Science, pages 222--237. Springer, 2010. [ bib | paper | publisher | presentation ]
[65] Tyler Moore, Allan Friedman, and Ariel D. Procaccia. Would a 'cyber warrior' protect us: exploring trade-offs between attack and defense of information systems. In Angelos D. Keromytis, Sean Peisert, Richard Ford, and Carrie Gates, editors, New Security Paradigms Workshop (NSPW), pages 85--94. ACM, 2010. [ bib | paper | publisher ]
[66] Tyler Moore, Richard Clayton, and Ross Anderson. The economics of online crime. Journal of Economic Perspectives, 23(3):3--20, Summer 2009. [ bib | paper | publisher ]
[67] Tyler Moore and Richard Clayton. Evil searching: Compromise and recompromise of internet hosts for phishing. In Roger Dingledine and Philippe Golle, editors, Financial Cryptography and Data Security, volume 5628 of Lecture Notes in Computer Science, pages 256--272. Springer, 2009. [ bib | paper | publisher | presentation ]
[68] Tyler Moore, Richard Clayton, and Henry Stern. Temporal correlations between spam and phishing websites. In Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more, LEET'09, Berkeley, CA, USA, 2009. USENIX Association. [ bib | paper | publisher | presentation ]
[69] Rainer Böhme and Tyler Moore. The iterated weakest link - a model of adaptive security investment. In 8th Annual Workshop on the Economics of Information Security (WEIS), 2009. [ bib | paper | publisher | presentation ]
[70] Tyler Moore and Richard Clayton. Evaluating the wisdom of crowds in assessing phishing websites. In Gene Tsudik, editor, Financial Cryptography and Data Security, volume 5143 of Lecture Notes in Computer Science, pages 16--30. Springer, 2008. [ bib | paper | publisher | presentation ]
[71] Ross Anderson, Rainer Böhme, Richard Clayton, and Tyler Moore. Security economics and European policy. In Norbert Pohlmann, Helmut Reimer, and Wolfgang Schneider, editors, Information Security Solutions Europe (ISSE), pages 57--76. Vieweg+Teubner, 2008. [ bib | publisher ]
[72] Tyler Moore and Richard Clayton. The consequence of non-cooperation in the fight against phishing. In APWG eCrime Researchers Summit, pages 1--14. IEEE, 2008. [ bib | paper | publisher | presentation ]
[73] Ross Anderson, Tyler Moore, Shishir Nagaraja, and Andy Ozment. Incentives and information security. In Noam Nisan, Tim Roughgarden, Eva Tardos, and Vijay V. Vazirani, editors, Algorithmic Game Theory, pages 633--649. Cambridge University Press, New York, NY, USA, 2007. [ bib ]
[74] Tyler Moore and Richard Clayton. An empirical analysis of the current state of phishing attack and defence. In 6th Annual Workshop on the Economics of Information Security (WEIS), 2007. [ bib | paper | publisher | presentation ]
[75] Tyler Moore and Richard Clayton. Examining the impact of website take-down on phishing. In Lorrie Faith Cranor, editor, APWG eCrime Researchers Summit, volume 269 of ACM International Conference Proceeding Series, pages 1--13. ACM, 2007. [ bib | paper | publisher | presentation ]
[76] Ross Anderson and Tyler Moore. The economics of information security. Science, 314(5799):610--613, 2006. [ bib | DOI | paper | publisher ]
[77] Tyler Moore. The economics of digital forensics. In 5th Annual Workshop on the Economics of Information Security (WEIS), 2006. [ bib | paper | publisher ]
[78] Tyler Moore. Countering hidden-action attacks on networked systems. In 4th Annual Workshop on the Economics of Information Security (WEIS), 2005. [ bib | paper | publisher | presentation ]