Abstract
While human users are often considered to be the weakest link in security systems, the risks associated with their typical day-to-day computing habits are not well understood. Using Symantec’s WINE platform, we conduct a detailed study of 13.7B pieces of malware over a population of 1.6 million machines during an 8-month period in order to learn the relationship between user behavior and cyber-attacks against their personal computers. We classify users into four categories (gamers, professionals, software developers, others), plus a fifth category comprising everyone, and identify a total of seven independent variables to study: (i) number of binaries (executables) on a machine, (ii) fraction of low-prevalence binaries on a machine, (iii) fraction of high-prevalence binaries on a machine, (iv) fraction of unique binaries on a machine, (v) fraction of downloaded binaries on a machine, (vi) fraction of unsigned binaries on a machine and (vii) travel history of the machine based on number of ISPs from whom the machine connected to the Internet.
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Subrahmanian, V.S., Ovelgönne, M., Dumitras, T., Prakash, B.A. (2015). Human Behavior and Susceptibility to Cyber-Attacks. In: The Global Cyber-Vulnerability Report. Terrorism, Security, and Computation. Springer, Cham. https://doi.org/10.1007/978-3-319-25760-0_4
DOI: https://doi.org/10.1007/978-3-319-25760-0_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25758-7
Online ISBN: 978-3-319-25760-0
eBook Packages: Computer Science, Computer Science (R0)