Harvesting the low-hanging fruits: defending against automated large-scale cyber-intrusions by focusing on the vulnerable population

Authors: Hassan Halawa, Konstantin Beznosov, Yazan Boshmaf, Baris Coskun, Matei Ripeanu

DOI: 10.1145/3011883.3011885

Abstract: The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic. Defenses generally focus on identifying the attacks/attackers (e.g., phishing emails, social-bot infiltrations, malware offered for download). To change the status quo, we propose to identify, even if imperfectly, the vulnerable user population, that is, the users that are likely to fall victim to such attacks. Once identified, information about the vulnerable population can be used in two ways. First, the vulnerable population can be influenced by the defender through several means including: education, specialized user experience, extra protection layers and watchdogs. In the same vein, information about the vulnerable population can ultimately be used to fine-tune and reprioritize defense mechanisms to offer differentiated protection, possibly at the cost of additional friction generated by the defense mechanism. Secondly, information about the user population can be used to identify an attack (or compromised users) based on differences between the general and the vulnerable population. This paper considers the implications of the proposed paradigm on existing defenses in three areas (phishing of user credentials, malware distribution and socialbot infiltration) and discusses how using knowledge of the vulnerable population can enable more robust defenses.
