Predicting Impending Exposure to Malicious Content from User Behavior
| Autor: | Nicolas Christin, Mahmood Sharif, Jumpei Urakawa, Akira Yamada, Ayumu Kubota |
|---|---|
| Rok vydání: | 2018 |
| Předmět: |
Computer science
Network security business.industry 020206 networking & telecommunications 02 engineering and technology Computer security computer.software_genre Moment (mathematics) 020204 information systems 0202 electrical engineering electronic engineering information engineering Session (computer science) business Content (Freudian dream analysis) computer |
| Zdroj: | CCS |
| DOI: | 10.1145/3243734.3243779 |
| Popis: | Many computer-security defenses are reactive---they operate only when security incidents take place, or immediately thereafter. Recent efforts have attempted to predict security incidents before they occur, to enable defenders to proactively protect their devices and networks. These efforts have primarily focused on long-term predictions. We propose a system that enables proactive defenses at the level of a single browsing session. By observing user behavior, it can predict whether they will be exposed to malicious content on the web seconds before the moment of exposure, thus opening a window of opportunity for proactive defenses. We evaluate our system using three months' worth of HTTP traffic generated by 20,645 users of a large cellular provider in 2017 and show that it can be helpful, even when only very low false positive rates are acceptable, and despite the difficulty of making "on-the-fly'' predictions. We also engage directly with the users through surveys asking them demographic and security-related questions, to evaluate the utility of self-reported data for predicting exposure to malicious content. We find that self-reported data can help forecast exposure risk over long periods of time. However, even on the long-term, self-reported data is not as crucial as behavioral measurements to accurately predict exposure. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|