Publications

Here is a comprehensive, reverse chronological list of papers, with corresponding presentations and news articles as appropriate.

You can also view my pages on Google Scholar and DBLP.

Replication datasets have been made available where possible. To view public datasets for my research group, visit the Security Economics Lab Dataverse.

Search Publications

Peer-Reviewed Conference Papers

[1] Neil Gandal, JT Hamrick, Tyler Moore, and Tali Oberman. Price manipulation in the Bitcoin ecosystem. In 16th Workshop on the Economics of Information Security (WEIS), 2017. [ bib | paper | presentation ]
[2] Jake Drew, Michael Hahsler, and Tyler Moore. Polymorphic malware detection using sequence classification methods. In Workshop on Bio-inspired Security, Trust, Assurance and Resilience (BioStar), IEEE Security and Privacy Workshops (SPW), pages 81--87. IEEE, May 2016. [ bib | DOI | paper ]
[3] Marie Vasek, Joseph Bonneau, Ryan Castellucci, Cameron Keith, and Tyler Moore. The Bitcoin brain drain: Examining the use and abuse of Bitcoin brain wallets. In Jens Grossklags and Bart Preneel, editors, Financial Cryptography and Data Security, volume 9603 of Lecture Notes in Computer Science, pages 609--618. Springer, 2016. [ bib | paper | publisher | presentation ]
[4] Tyler Moore, Scott Dynes, and Frederick Chang. Identifying how firms manage cybersecurity investment. In 15th Workshop on the Economics of Information Security (WEIS), 2016. [ bib | paper | presentation ]
[5] Amir Feder, Neil Gandal, JT Hamrick, and Tyler Moore. The impact of DDoS and other security shocks on Bitcoin currency exchanges: Evidence from Mt. Gox. In 15th Workshop on the Economics of Information Security (WEIS), 2016. [ bib | paper | presentation ]
[6] Marie Vasek, Matthew Weeden, and Tyler Moore. Measuring the impact of sharing abuse data with web hosting providers. In ACM Workshop on Information Sharing and Collaborative Security, pages 71--80. ACM, 2016. [ bib | paper | publisher | presentation ]
[7] John Wadleigh, Jake Drew, and Tyler Moore. The e-commerce market for “lemons”: Identification and analysis of websites selling counterfeit goods. In International World Wide Web Conference (Security and Privacy Track), pages 1188--1197. ACM, May 2015. [ bib | paper | publisher ]
[8] Richard Clayton, Tyler Moore, and Nicolas Christin. Concentrating correctly on cybercrime concentration. In 14th Workshop on the Economics of Information Security, 2015. [ bib | paper | publisher ]
[9] Orcun Cetin, Mohammad Hanif Jhaveri, Carlos Ganan, Michel van Eeten, and Tyler Moore. Understanding the role of sender reputation in abuse reporting and cleanup. In 14th Workshop on the Economics of Information Security, 2015. [ bib | paper ]
[10] Tyler Moore and Richard Clayton. Which malware lures work best? measurements from a large instant messaging worm. In APWG Symposium on Electronic Crime Research (eCrime), pages 69--78. IEEE, 2015. [ bib | DOI | paper ]
[11] Marie Vasek and Tyler Moore. There's no free lunch, even using Bitcoin: Tracking the popularity and profits of virtual currency scams. In Rainer Böhme and Tatsuaki Okamoto, editors, Financial Cryptography and Data Security, volume 8975 of Lecture Notes in Computer Science, pages 44--61. Springer, January 2015. [ bib | DOI | paper | publisher | presentation ]
[12] Marie Vasek, Micah Thornton, and Tyler Moore. Empirical analysis of denial-of-service attacks in the Bitcoin ecosystem. In 1st Workshop on Bitcoin Research, volume 8438 of Lecture Notes in Computer Science, pages 57--71. Springer, March 2014. [ bib | data | paper | publisher | presentation ]
[13] Benjamin Johnson, Aron Laszka, Jens Grossklags, Marie Vasek, and Tyler Moore. Game-theoretic analysis of DDoS attacks against Bitcoin mining pools. In 1st Workshop on Bitcoin Research, volume 8438 of Lecture Notes in Computer Science, pages 72--86. Springer, March 2014. [ bib | paper | publisher ]
[14] Tyler Moore and Richard Clayton. The ghosts of banking past: Empirical analysis of closed bank websites. In Financial Cryptography and Data Security, volume 8437 of Lecture Notes in Computer Science, pages 33--48. Springer, March 2014. [ bib | data | paper | publisher | presentation ]
[15] Marie Vasek and Tyler Moore. Identifying risk factors for webserver compromise. In Financial Cryptography and Data Security, volume 8437 of Lecture Notes in Computer Science, pages 326--345. Springer, March 2014. [ bib | data | paper | publisher | presentation ]
[16] Markus Riek, Rainer Böhme, and Tyler Moore. Understanding the influence of cybercrime risk on the e-service adoption of European Internet users. In 13th Workshop on the Economics of Information Security (WEIS), 2014. [ bib | paper ]
[17] Jake Drew and Tyler Moore. Automatic identification of replicated criminal websites using combined clustering. In International Workshop on Cyber Crime (IWCC), IEEE Security and Privacy Workshops. IEEE, 2014. [ bib | paper ]
[18] Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. A nearly four-year longitudinal study of search-engine poisoning. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, pages 930--941, New York, NY, USA, 2014. ACM. [ bib | DOI | paper | publisher ]
[19] Marie Vasek and Tyler Moore. Empirical analysis of factors affecting malware URL detection. In 8th APWG eCrime Researchers Summit (eCrime), September 2013. [ bib | paper | presentation ]
[20] Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. Pick your poison: Pricing and inventories at unlicensed online pharmacies. In ACM Conference on Electronic Commerce (EC), pages 621--638. ACM, June 2013. [ bib | paper | publisher ]
[21] Tyler Moore and Nicolas Christin. Beware the middleman: Empirical analysis of Bitcoin-exchange risk. In Financial Cryptography and Data Security, volume 7859 of Lecture Notes in Computer Science, pages 25--33. Springer, April 2013. [ bib | data | paper | publisher | presentation ]
[22] Tyler Moore and Richard Clayton. Discovering phishing dropboxes using email metadata. In 7th APWG eCrime Researchers Summit (eCrime), October 2012. [ bib | paper | presentation ]
[23] Rainer Böhme and Tyler Moore. How do consumers react to cybercrime? In APWG eCrime Researchers Summit (eCrime), October 2012. [ bib | paper | presentation ]
[24] Benjamin Edwards, Tyler Moore, George Stelle, Steven A. Hofmeyr, and Stephanie Forrest. Beyond the blacklist: Modeling malware spread and the effect of interventions. In Proceedings of the New Security Paradigms Workshop, Bertinoro, Italy, September 19-21, 2012. ACM, 2012. [ bib | paper ]
[25] Marie Vasek and Tyler Moore. Do malware reports expedite cleanup? An experimental study. In Proceedings of the 5th USENIX Workshop on Cyber Security Experimentation and Test, CSET'12, Berkeley, CA, USA, 2012. USENIX Association. [ bib | data | paper | publisher | presentation ]
[26] Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Michael van Eeten, Michael Levi, Tyler Moore, and Stefan Savage. Measuring the cost of cybercrime. In 11th Workshop on the Economics of Information Security (WEIS), 2012. [ bib | paper | presentation ]
[27] Tyler Moore, Jie Han, and Richard Clayton. The postmodern Ponzi scheme: Empirical analysis of high-yield investment programs. In Angelos D. Keromytis, editor, Financial Cryptography and Data Security, volume 7397 of Lecture Notes in Computer Science, pages 41--56. Springer, 2012. [ bib | paper | publisher | presentation ]
[28] Tyler Moore, Nektarios Leontiadis, and Nicolas Christin. Fashion crimes: trending-term exploitation on the web. In Yan Chen, George Danezis, and Vitaly Shmatikov, editors, ACM Conference on Computer and Communications Security (CCS), pages 455--466. ACM, 2011. [ bib | paper | publisher | presentation ]
[29] Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade. In USENIX Security Symposium. USENIX Association, 2011. [ bib | paper | publisher ]
[30] Steven A. Hofmeyr, Tyler Moore, Stephanie Forrest, Benjamin Edwards, and George Stelle. Modeling internet-scale policies for cleaning up malware. In 10th Workshop on the Economics of Information Security (WEIS), 2011. [ bib | paper | publisher ]
[31] Susan Landau and Tyler Moore. Economic tussles in federated identity management. In 10th Workshop on the Economics of Information Security (WEIS), 2011. [ bib | publisher | presentation ]
[32] Tyler Moore and Richard Clayton. Ethical dilemmas in take-down research. In George Danezis, Sven Dietrich, and Kazue Sako, editors, Workshop on the Ethics of Computer Security Research (Financial Cryptography Workshops), volume 7126 of Lecture Notes in Computer Science, pages 154--168. Springer, 2011. [ bib | paper | publisher | presentation ]
[33] Tyler Moore, Allan Friedman, and Ariel D. Procaccia. Would a 'cyber warrior' protect us: exploring trade-offs between attack and defense of information systems. In Angelos D. Keromytis, Sean Peisert, Richard Ford, and Carrie Gates, editors, New Security Paradigms Workshop (NSPW), pages 85--94. ACM, 2010. [ bib | paper | publisher ]
[34] Tal Moran and Tyler Moore. The phish-market protocol: Securely sharing attack data between competitors. In Radu Sion, editor, Financial Cryptography and Data Security, volume 6052 of Lecture Notes in Computer Science, pages 222--237. Springer, 2010. [ bib | paper | publisher | presentation ]
[35] Tyler Moore and Benjamin Edelman. Measuring the perpetrators and funders of typosquatting. In Radu Sion, editor, Financial Cryptography and Data Security, volume 6052 of Lecture Notes in Computer Science, pages 175--191. Springer, 2010. [ bib | data | paper | publisher | presentation ]
[36] Rainer Böhme and Tyler Moore. The iterated weakest link - a model of adaptive security investment. In 8th Workshop on the Economics of Information Security (WEIS), 2009. [ bib | paper | publisher | presentation ]
[37] Tyler Moore, Richard Clayton, and Henry Stern. Temporal correlations between spam and phishing websites. In Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more, LEET'09, Berkeley, CA, USA, 2009. USENIX Association. [ bib | paper | publisher | presentation ]
[38] Tyler Moore and Richard Clayton. Evil searching: Compromise and recompromise of internet hosts for phishing. In Roger Dingledine and Philippe Golle, editors, Financial Cryptography and Data Security, volume 5628 of Lecture Notes in Computer Science, pages 256--272. Springer, 2009. [ bib | paper | publisher | presentation ]
[39] Tyler Moore, Maxim Raya, Jolyon Clulow, Panagiotis Papadimitratos, Ross Anderson, and Jean-Pierre Hubaux. Fast exclusion of errant devices from vehicular networks. In Proceedings of the Fifth Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), pages 135--143, 2008. [ bib | paper | publisher ]
[40] Tyler Moore and Richard Clayton. The consequence of non-cooperation in the fight against phishing. In APWG eCrime Researchers Summit, pages 1--14. IEEE, 2008. [ bib | paper | publisher | presentation ]
[41] Ross Anderson, Rainer Böhme, Richard Clayton, and Tyler Moore. Security economics and European policy. In Norbert Pohlmann, Helmut Reimer, and Wolfgang Schneider, editors, Information Security Solutions Europe (ISSE), pages 57--76. Vieweg+Teubner, 2008. [ bib | publisher ]
[42] Tyler Moore and Richard Clayton. Evaluating the wisdom of crowds in assessing phishing websites. In Gene Tsudik, editor, Financial Cryptography and Data Security, volume 5143 of Lecture Notes in Computer Science, pages 16--30. Springer, 2008. [ bib | paper | publisher | presentation ]
[43] Tyler Moore, Jolyon Clulow, Shishir Nagaraja, and Ross Anderson. New strategies for revocation in ad-hoc networks. In Frank Stajano, Catherine Meadows, Srdjan Capkun, and Tyler Moore, editors, 4th European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS), volume 4572 of Lecture Notes in Computer Science, pages 232--246. Springer, 2007. [ bib | paper | publisher | presentation ]
[44] Tyler Moore and Jolyon Clulow. Secure path-key revocation for symmetric key pre-distribution schemes in sensor networks. In Hein S. Venter, Mariki M. Eloff, Les Labuschagne, Jan H. P. Eloff, and Rossouw von Solms, editors, Proceedings of the IFIP TC-11 22nd International Information Security Conference (IFIP SEC), volume 232 of IFIP, pages 157--168. Springer, 2007. [ bib | paper | publisher | presentation ]
[45] Tyler Moore and Richard Clayton. Examining the impact of website take-down on phishing. In Lorrie Faith Cranor, editor, APWG eCrime Researchers Summit, volume 269 of ACM International Conference Proceeding Series, pages 1--13. ACM, 2007. [ bib | paper | publisher | presentation ]
[46] Tyler Moore and Richard Clayton. An empirical analysis of the current state of phishing attack and defence. In 6th Workshop on the Economics of Information Security (WEIS), 2007. [ bib | paper | publisher | presentation ]
[47] Jolyon Clulow, Gerhard P. Hancke, Markus G. Kuhn, and Tyler Moore. So near and yet so far: Distance-bounding attacks in wireless networks. In Levente Buttyán, Virgil D. Gligor, and Dirk Westhoff, editors, 3rd European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS), volume 4357 of Lecture Notes in Computer Science, pages 83--97. Springer, 2006. [ bib | paper | publisher | presentation ]
[48] Tyler Moore. A collusion attack on pairwise key predistribution schemes for distributed sensor networks. In 4th IEEE Conference on Pervasive Computing and Communications Security (PerSec), pages 251--255. IEEE Computer Society, 2006. [ bib | paper | publisher | presentation ]
[49] Tyler Moore. The economics of digital forensics. In 5th Workshop on the Economics of Information Security (WEIS), 2006. [ bib | paper | publisher ]
[50] Tyler Moore. Countering hidden-action attacks on networked systems. In 4th Workshop on the Economics of Information Security (WEIS), 2005. [ bib | paper | publisher | presentation ]
[51] T. Kosloff, Tyler Moore, J. Keller, Gavin W. Manes, and Sujeet Shenoi. Attacks on public telephone networks: technologies and challenges. In SPIE 5071, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Defense and Law Enforcement II, 72, pages 72--83, 2003. [ bib | publisher ]
[52] Todd Kosloff, Tyler Moore, Jesse Keller, Gavin Manes, and Sujeet Shenoi. SS7 messaging attacks on public telephone networks: Attack scenarios and detection. In Workshop on the Scientific Aspects of Cyber Terrorism. ACM, November 2002. [ bib ]
[53] Gary Lorenz, Tyler Moore, Gavin Manes, John Hale, and Sujeet Shenoi. Securing SS7 telecommunications networks. In Second IEEE Systems, Man and Cybernetics Information Assurance Workshop, June 2001. [ bib ]

Peer-Reviewed Journal Articles

[1] Mohammad Hanif Jhaveri, Orcun Cetin, Carlos Gañán, Tyler Moore, and Michel Van Eeten. Abuse reporting and the fight against cybercrime. ACM Computing Surveys (CSUR), 49(4):68, 2017. [ bib | paper | publisher ]
[2] Joshua Rovner and Tyler Moore. Does the Internet need a hegemon? Journal of Global Security Studies, 2017. (to appear). [ bib ]
[3] Jake Drew, Michael Hahsler, and Tyler Moore. Polymorphic malware detection using sequence classification methods and ensembles. EURASIP Journal on Information Security, 2017(1):2, 2017. [ bib | publisher ]
[4] Marie Vasek, John Wadleigh, and Tyler Moore. Hacking is not random: a case-control study of webserver-compromise risk. IEEE Transactions on Dependable and Secure Computing, 13(2):206--219, 2016. [ bib | paper | publisher ]
[5] Markus Riek, Rainer Böhme, and Tyler Moore. Measuring the influence of perceived cybercrime risk on online service avoidance. IEEE Transactions on Dependable and Secure Computing, 13(2):261--273, 2016. [ bib | paper | publisher ]
[6] Rainer Böhme and Tyler Moore. The “iterated weakest link” model of adaptive security investment. Journal of Information Security, 7(2):81--102, 2016. [ bib | paper | publisher ]
[7] Orcun Cetin, Mohammad Hanif Jhaveri, Carlos Gañán, Michel van Eeten, and Tyler Moore. Understanding the role of sender reputation in abuse reporting and cleanup. Journal of Cybersecurity, 2(1):83--98, 2016. [ bib | publisher ]
[8] Rainer Böhme, Nicolas Christin, Benjamin Edelman, and Tyler Moore. Bitcoin: Economics, technology, and governance. Journal of Economic Perspectives, 29(2):213--38, 2015. [ bib | DOI | publisher ]
[9] Jake Drew and Tyler Moore. Optimized combined clustering methods for finding replicated criminal websites. EURASIP Journal on Information Security, 2014(14), 2014. [ bib | paper ]
[10] Steve Papa, William Casper, and Tyler Moore. Securing wastewater facilities from accidental and intentional harm: a cost-benefit analysis. International Journal of Critical Infrastructure Protection, 6(2):96--106, 2013. [ bib | paper | publisher ]
[11] Susan Landau and Tyler Moore. Economic tussles in federated identity management. First Monday, 17(10), 2012. [ bib | publisher | presentation ]
[12] Tyler Moore and Richard Clayton. The impact of public information on phishing attack and defense. Communications & Strategies, 1(81):45--68, 1st quart 2011. [ bib | paper | publisher ]
[13] Tyler Moore. The economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection, 3(3--4):103 -- 117, 2010. [ bib | DOI | paper | publisher ]
[14] Rainer Böhme and Tyler Moore. The iterated weakest link. IEEE Security & Privacy, 8(1):53--55, 2010. [ bib | paper | publisher ]
[15] Tal Moran and Tyler Moore. The phish-market protocol: Secure sharing between competitors. IEEE Security & Privacy, 8(4):40--45, 2010. [ bib | paper | publisher ]
[16] Tyler Moore, Richard Clayton, and Ross Anderson. The economics of online crime. Journal of Economic Perspectives, 23(3):3--20, Summer 2009. [ bib | paper | publisher ]
[17] Jolyon Clulow and Tyler Moore. Suicide for the common good: a new strategy for credential revocation in self-organizing systems. Operating Systems Review, 40(3):18--21, 2006. [ bib | publisher ]
[18] Ross Anderson and Tyler Moore. The economics of information security. Science, 314(5799):610--613, 2006. [ bib | DOI | paper | publisher ]

Books and Book Chapters

[1] Tyler Moore and Ross Anderson. Internet security. In Martin Peitz and Joel Waldfogel, editors, The Oxford Handbook of the Digital Economy, pages 572--599. Oxford University Press, 2012. [ bib | paper | publisher ]
[2] Tyler Moore. The economics of cybersecurity: Principles and policy options. In Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, pages 3--23. The National Academies Press, 2010. [ bib | publisher ]
[3] Tyler Moore, David Pym, and Christos Ioannidis, editors. Economics of Information Security and Privacy. Springer, 2010. [ bib ]
[4] Ross Anderson, Tyler Moore, Shishir Nagaraja, and Andy Ozment. Incentives and information security. In Noam Nisan, Tim Roughgarden, Eva Tardos, and Vijay V. Vazirani, editors, Algorithmic Game Theory, pages 633--649. Cambridge University Press, New York, NY, USA, 2007. [ bib ]
[5] Christopher Swenson, Tyler Moore, and Sujeet Shenoi. GSM cell site forensics. In Martin Olivier and Sujeet Shenoi, editors, Advances in Digital Forensics II, volume 222 of IFIP Advances in Information and Communication, pages 259--272. Springer, 2006. [ bib | DOI | publisher ]
[6] Tyler Moore, Anthony Meehan, Gavin Manes, and Sujeet Shenoi. Using signaling information in telecom network forensics. In Mark Pollitt and Sujeet Shenoi, editors, Advances in Digital Forensics, volume 194 of IFIP -- The International Federation for Information Processing, pages 177--188. Springer, 2005. [ bib | DOI | publisher ]

Invited Articles

[1] Tyler Moore, Christian W. Probst, Kai Rannenberg, and Michel van Eeten. Assessing ICT Security Risks in Socio-Technical Systems (Dagstuhl Seminar 16461). Dagstuhl Reports, 6(11):63--89, 2017. [ bib | DOI | paper ]
[2] Fumiko Hayashi Tyler Moore and Richard J. Sullivan. The economics of retail payments security. In Fifth International Payments Policy Conference: The Puzzle of Payments Security, Federal Reserve Bank of Kansas City, 2015. [ bib | paper | presentation ]
[3] Tyler Moore. The promise and perils of digital currencies. International Journal of Critical Infrastructure Protection, 6(3--4):147--149, 2013. [ bib | paper ]
[4] Tyler Moore. Investigating the abuse of search engines to promote illicit online pharmacies. Virus Bulletin, November 2011. [ bib ]
[5] Tyler Moore. How wise are crowds when assessing phishing websites? Virus Bulletin, April 2008. [ bib ]
[6] Tyler Moore. Phishing and the economics of e-crime. Elsevier Infosecurity Magazine, 4(6):34--37, 2007. [ bib ]
[7] Ross Anderson and Tyler Moore. Information security economics - and beyond. In Alfred Menezes, editor, 27th Annual International Cryptology Conference (CRYPTO), volume 4622 of Lecture Notes in Computer Science, pages 68--91. Springer, 2007. [ bib | paper | publisher ]
[8] Tyler Moore. Workshop report: DIMACS workshop on information security economics, January 2007. [ bib ]
[9] Tyler Moore and Ross Anderson. Trends in security economics. European Network and Information Security Agency Quarterly, 1(3):6--7, 2005. [ bib ]

PhD Thesis

[1] Tyler Moore. Cooperative attack and defense in distributed networks. Technical Report UCAM-CL-TR-718, University of Cambridge, Computer Laboratory, June 2008. [ bib | paper ]