Ross Anderson gave a TechTalk last week.
Computer security has recently imported a lot of ideas from economics, psychology and sociology, leading to fresh insights and new tools.
I will describe one thread of research that draws together techniques from fields as diverse as signals intelligence and sociology to search for artificial communities.
Evildoers online divide roughly into two categories - those who don't want their websites to be found, such as phishermen, and those who do. The latter category runs from fake escrow sites through dodgy stores to postmodern Ponzi schemes. A few of them buy ads, but many set up fake communities in the hope of having victims driven to their sites for free. How can these reputation thieves be detected?
Some of our work in security economics and social networking may give an insight into the practical effects of network topology. These tie up in various ways with traffic analysis, long used by the signals intelligence agencies which trawl the airwaves and networks looking for interesting targets. I'll describe a number of dubious business enterprises we've unearthed.
Recent advances in algorithms, such as Newman's modularity matrix, have increased the robustness of covert community detection. But much scope remains for wrongdoers to hide themselves better as they become topologically aware; we can expect attack and defence to go through several rounds of coevolution.
I'll therefore end up by talking about some strategic issues, such as the extent to which search engines and other service providers could, or should, share information in the interests of wickedness detection.
Ooh ... I went to that :)