Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting

Authors: Samaneh Tajalizadehkhoob, Tom Van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme

DOI: 10.1145/3133956.3133971

Keywords:

Abstract: Hosting providers play a key role in fighting web compromise, but their ability to prevent abuse is constrained by the security practices of their own customers. Shared hosting offers a unique perspective, since customers operate under restricted privileges and providers retain more control over configurations. We present the first empirical analysis of the distribution of web security features and software patching practices in shared hosting providers, the influence of providers on these practices, and their impact on web compromise rates. We construct provider-level features on the global market for shared hosting (containing 1,259 providers) by gathering indicators from 442,684 domains. Exploratory factor analysis of 15 indicators identifies four main latent factors that capture security efforts: content security, webmaster security, web infrastructure security and web application security. We confirm, via a fixed-effect regression model, that providers exert significant influence over the latter two factors, which are both related to the software stack in their hosting environment. Finally, by means of GLM regression analysis of these factors on phishing and malware abuse, we show that the four security and software patching factors explain between 10% and 19% of the variance in abuse at providers, after controlling for size. For web-application security, for instance, we found that when a provider moves from the bottom 10% to the best-performing 10%, it would experience 4 times fewer phishing incidents. We show that providers have influence over patch levels, even higher in the stack, where CMSes can run as client-side software, and that this influence is tied to a substantial reduction in abuse levels.
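The last analysis step in the abstract (a GLM of abuse counts on the factor scores, controlling for provider size, followed by a comparison of a provider at the bottom 10% of a factor with one at the best-performing 10%) is worked through below as an added example. It is not the authors' code or data: the providers are constructed, the single factor score stands in for one of the paper's four factors, and the model is a Poisson regression with log link and log(size) as the control, which is one common reading of "GLM regression" that the abstract itself does not pin down.

```python
"""Added illustration (not the paper's code or data): a Poisson GLM with log link
fitted by IRLS, then the "bottom 10% -> top 10%" incident-ratio comparison."""
import math


def constructed_providers(b_true=-0.43, base_rate=0.002, n=40):
    """Constructed sample of hypothetical shared-hosting providers.

    Each row is (hosted_domains, factor_score, abuse_incidents). Incidents are
    the rounded expectation of a log-linear model in which size enters with
    coefficient 1 and a single synthetic security factor with coefficient
    b_true, so the fit below should recover roughly these coefficients.
    """
    rows = []
    for i in range(n):
        size = 500 + 1200 * i                   # 500 .. 47,300 domains
        factor = ((i * 7) % n) / 10 - 1.95      # scores -1.95 .. 1.95, permuted
        mu = base_rate * size * math.exp(b_true * factor)
        rows.append((size, factor, round(mu)))
    return rows


def solve(a, b):
    """Solve the small dense system a x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(col + 1, n):
            factor = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= factor * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][c] * x[c] for c in range(r + 1, n))) / m[r][r]
    return x


def fit_poisson_glm(X, y, max_iter=50, tol=1e-10):
    """Poisson regression with log link via iteratively reweighted least squares.

    X: list of rows (first column 1.0 for the intercept); y: non-negative counts.
    Returns the coefficient vector beta with E[y] = exp(X beta).
    """
    n, p = len(X), len(X[0])
    mu = [yi + 0.5 for yi in y]                 # usual IRLS start; avoids log(0)
    eta = [math.log(m) for m in mu]
    beta = [0.0] * p
    for _ in range(max_iter):
        # working response z and weights mu for the canonical log link
        z = [eta[i] + (y[i] - mu[i]) / mu[i] for i in range(n)]
        xtwx = [[sum(mu[i] * X[i][j] * X[i][k] for i in range(n)) for k in range(p)]
                for j in range(p)]
        xtwz = [sum(mu[i] * X[i][j] * z[i] for i in range(n)) for j in range(p)]
        new_beta = solve(xtwx, xtwz)
        converged = max(abs(new_beta[j] - beta[j]) for j in range(p)) < tol
        beta = new_beta
        eta = [sum(X[i][j] * beta[j] for j in range(p)) for i in range(n)]
        mu = [math.exp(e) for e in eta]
        if converged:
            break
    return beta


def fit_abuse_model(rows):
    """Regress incident counts on [1, factor score, log(size)]; log(size) is the size control."""
    X = [[1.0, f, math.log(size)] for size, f, _ in rows]
    y = [inc for _, _, inc in rows]
    return fit_poisson_glm(X, y)


def decile_incident_ratio(rows, beta):
    """Predicted incidents for a provider at the 90th percentile of the factor
    score relative to one at the 10th percentile, holding size fixed:
    exp(b_factor * (q90 - q10)). A value of 0.25 reads as "4 times fewer"."""
    scores = sorted(f for _, f, _ in rows)
    q10 = scores[int(0.1 * (len(scores) - 1))]
    q90 = scores[int(0.9 * (len(scores) - 1))]
    return math.exp(beta[1] * (q90 - q10))


if __name__ == "__main__":
    data = constructed_providers()
    b = fit_abuse_model(data)
    print("intercept=%.3f  factor=%.3f  log(size)=%.3f" % tuple(b))
    print("p90 vs p10 incident ratio: %.2f" % decile_incident_ratio(data, b))
```

Run directly, the script prints the fitted coefficients and the decile ratio; on the constructed sample the factor coefficient comes back close to the value used to generate the counts and the ratio close to 0.25, i.e. roughly four times fewer incidents at the top decile than at the bottom one for a provider of the same size. Real abuse counts are usually overdispersed, so with actual data a negative-binomial family would normally be preferred over the Poisson used here, and the factor scores would come from the factor analysis rather than being synthesised.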

References (41)
Marie Vasek, Tyler Moore. Do malware reports expedite cleanup? An experimental study. CSET'12: Proceedings of the 5th USENIX Conference on Cyber Security Experimentation and Test, pp. 6-6, 2012.
Leandre R. Fabrigar, Duane T. Wegener. Exploratory Factor Analysis. Oxford University Press, 2011. DOI 10.1093/acprof:osobl/9780199734177.001.0001
Tom van Goethem, Ping Chen, Nick Nikiforakis, Lieven Desmet, Wouter Joosen. Large-Scale Security Analysis of the Web: Challenges and Findings. Trust and Trustworthy Computing, vol. 7, pp. 110-126, 2014. DOI 10.1007/978-3-319-08593-7_8
Steven Cheung, Alfonso Valdes. Malware characterization through alert pattern discovery. USENIX Conference on Large-Scale Exploits and Emergent Threats, pp. 2-2, 2009.
Kyle Soska, Nicolas Christin. Automatically detecting vulnerable websites before they turn malicious. USENIX Security Symposium, pp. 625-640, 2014.
Antonio Nappa, M. Zubair Rafique, Juan Caballero. Driving in the cloud: an analysis of drive-by download operations and abuse reporting. International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), pp. 1-20, 2013. DOI 10.1007/978-3-642-39235-1_1
Hadi Asghari, Shirin Tabatabaie, David Rand, Johannes M. Bauer, Michel van Eeten. The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data. Social Science Research Network, 2010.
Davide Canali, Davide Balzarotti, Aurélien Francillon. The role of web hosting providers in detecting compromised websites. Proceedings of the 22nd International Conference on World Wide Web (WWW '13), pp. 177-188, 2013. DOI 10.1145/2488388.2488405
Damon McCoy, Hitesh Dharmdasani, Christian Kreibich, Geoffrey M. Voelker, Stefan Savage. Priceless. Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12), pp. 845-856, 2012. DOI 10.1145/2382196.2382285
Sebastian Lekies, Ben Stock, Martin Johns. 25 million flows later: large-scale detection of DOM-based XSS. ACM Conference on Computer and Communications Security, pp. 1193-1204, 2013. DOI 10.1145/2508859.2516703