An Empirical Analysis of Risk Aversion in Malware Infections

  • Jude Jacob Nsiempba
  • Fanny Lalonde Lévesque
  • Nathalie de Marcellis-Warin
  • José M. Fernandez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10694)


In this paper, we present the results of a field study that we conducted over a 4-month period. The experiment aimed to evaluate the impact of technological and human factors on the risk of getting infected by malware.

In this article, we apply the economic concept of risk aversion to study the behaviour of users towards the risk of malware infection. Our results show that younger users, and men in particular, with a higher level of expertise in computer science are more likely to open multiple web accounts and install more software from the Internet. Furthermore, an increase in the level of expertise in computer science creates in men a negative attitude towards antivirus alert messages, while in women the opposite happens.


Keywords: Computer security, Risk aversion, Human factors



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Jude Jacob Nsiempba (1)
  • Fanny Lalonde Lévesque (1)
  • Nathalie de Marcellis-Warin (1)
  • José M. Fernandez (1)

  1. École Polytechnique de Montréal, Montréal, Canada
