[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/2508859.2516747acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

A clinical study of risk factors related to malware infections

Published: 04 November 2013 Publication History

Abstract

The success of malicious software (malware) depends upon both technical and human factors. The most security conscious users are vulnerable to zero-day exploits; the best security mechanisms can be circumvented by poor user choices. While there has been significant research addressing the technical aspects of malware attack and defense, there has been much less research reporting on how human behavior interacts with both malware and current malware defenses.
In this paper we describe a proof-of-concept field study designed to examine the interactions between users, anti-virus (anti-malware) software, and malware as they occur on deployed systems. The 4-month study, conducted in a fashion similar to the clinical trials used to evaluate medical interventions, involved 50 subjects whose laptops were instrumented to monitor possible infections and gather data on user behavior. Although the population size was limited, this initial study produced some intriguing, non-intuitive insights into the efficacy of current defenses, particularly with regards to the technical sophistication of end users. We assert that this work shows the feasibility and utility of testing security software through long-term field studies with greater ecological validity than can be achieved through other means.

References

[1]
F. Asgharpour, D. Liu, and L. J. Camp. Mental models of computer security risks. In Workshop on the Economics of Information Security (WEIS), 2007.
[2]
AV Comparatives. File detection test of malicious software. Technical report, AV Comparatives, 2013.
[3]
D. Botta, R. Werlinger, A. Gagne, K. Beznosov, L. Iverson, S. Fels, and B. Fisher. Towards understanding IT security professionals and their tools. In ACM Symposium on Usable Privacy and Security (SOUPS), pages 100--111, 2007.
[4]
J. Canto, M. Dacier, E. Kirda, and C. Leita. Large scale malware collection: lessons learned. In IEEE SRDS Workshop on Sharing Field Data and Experiment Measurements on Resilience of Distributed Computing Systems, 2008.
[5]
A. De Luca, M. Langheinrich, and H. Hussmann. Towards understanding ATM security: a field study of real world ATM use. In ACM Symposium on Usable Privacy and Security (SOUPS), 2010.
[6]
Eurostat. Nearly one third of internet users in the EU27 caught a computer virus. http://epp.eurostat.ec.europa.eu/cache/ITY_PUBLIC/4-07022011-AP/EN/4-07022011-AP-EN.PDF, February 2011.
[7]
I. Gashi, V. Stankovic, C. Leita, and O. Thonnard. An experimental study of diversity with off-the-shelf antivirus engines. In IEEE International Symposium on Network Computing and Applications (NCA), 2009.
[8]
S. Gordon and R. Ford. Real world anti-virus product reviews and evaluations: the current state of affairs. In National Information Systems Security Conference, 1996.
[9]
D. Harley and A. Lee. Who will test the testers. In 18th Virus Bulletin International Conference, pages 199--207, 2008.
[10]
J. Kephart and S. White. Directed-graph epidemiological models of computer viruses. In IEEE Symposium on Security and Privacy, 1991.
[11]
S. Kondakci. Epidemic state analysis of computers under malware attacks. Modelling Practice and Theory, 16:571--584, 2008.
[12]
P. Kosinar, J. Malcho, R. Marko, and D. Harley. AV testing exposed. In 20th Virus Bulletin International Conference, 2010.
[13]
F. Lalonde-Levesque. Evaluation d'un produit de securite par essai clinique. Master's thesis, Ecole Polytechnique de Montreal, August 2013.
[14]
F. Lalonde-Levesque, C. Davis, J. Fernandez, S. Chiasson, and A. Somayaji. Methodology for a field study of anti-malware software. In Workshop on Usable Security (USEC), pages 80--85. LNCS, 2012.
[15]
F. Lalonde-Levesque, C. Davis, J. Fernandez, and A. Somayaji. Evaluating antivirus products with field studies. In 22th Virus Bulletin International Conference, pages 87--94, September 2012.
[16]
G. R. Milne, L. I. Labrecque, and C. Cromer. Toward an understanding of the online consumer's risky behavior and protection practices. Journal of Consumer Affairs, 43:449--473, 2009.
[17]
F. T. Ngo and R. Paternoster. Cybercrime victimization: An examination of individual and situational level factors. International Journal of Cyber Criminology, 5(1):773--793, 2011.
[18]
Panda Security Labs. Panda Labs quarterly report January - March 2012. http://press.pandasecurity.com/wp-content/uploads/2012/05/Quarterly-Report-PandaLabs-January-March-2012. pdf, 2012.
[19]
PC Security Labs. Security solution review on Windows 8 platform. Technical report, PC Security Labs, 2013.
[20]
J. A. Rode. Digital parenting: designing children's safety. In British Human Computer Interaction Conference (British HCI), pages 244--251, 2009.
[21]
S. Sheng, M. Holbrook, P. Kumaraguru, L. F. Cranor, and J. Downs. Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions. In ACM Conference on Human Factors in Computing Systems (CHI), pages 373{382, 2010.
[22]
R. Shyamasundar, H. Shah, and N. Kumar. Malware: from modelling to practical detection. Distributed Computing and Internet Technology, pages 21--39, 2010.
[23]
K. Solic and V. Ilakovac. Security perception of a portable PC user (the difference between medical doctors and engineers): A pilot study. In Medicinski Glasnik, volume 6, pages 261--264, 2009.
[24]
A. Somayaji, Y. Li, H. Inoue, J. Fernandez, and R. Ford. Evaluating security products with clinical trials. In USENIX Workshop on Cyber Security Experimentation and Test (CSET), 2009.
[25]
SurfRight. 32% of computers still infected, despite presence of antivirus program. http://www.surfright.nl/en/home/press/32-percent-infected-despite-antivirus, 2009.
[26]
Trend Micro. Website classiffcation. http://solutionfile.trendmicro.com/solutionfile/ Consumer/new-web-classification.html, 2012.
[27]
J. Vrabec and D. Harley. Real performance? In EICAR Annual Conference, 2010.
[28]
R. Wash. Folk models of home computer security. In ACM Symposium on Usable Privacy and Security (SOUPS), page 11, 2010.

Cited By

View all
  • (2024)A Case-Control Study to Measure Behavioral Risks of Malware Encounters in OrganizationsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.345696019(9419-9432)Online publication date: 2024
  • (2024)Unveiling the Connection Between Malware and Pirated Software in Southeast Asian Countries: A Case StudyIEEE Open Journal of the Computer Society10.1109/OJCS.2024.33645765(62-72)Online publication date: 2024
  • (2024)Is cyber hygiene a remedy to IPTV infringement? A study of online streaming behaviours and cyber security practicesInternational Journal of Information Security10.1007/s10207-024-00824-023:3(1913-1926)Online publication date: 6-Mar-2024
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
November 2013
1530 pages
ISBN:9781450324779
DOI:10.1145/2508859
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2013

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. anti-virus evaluation
  2. clinical trial
  3. field study
  4. malware infection
  5. risk factors
  6. user behavior

Qualifiers

  • Research-article

Conference

CCS'13
Sponsor:

Acceptance Rates

CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)43
  • Downloads (Last 6 weeks)2
Reflects downloads up to 19 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2024)A Case-Control Study to Measure Behavioral Risks of Malware Encounters in OrganizationsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.345696019(9419-9432)Online publication date: 2024
  • (2024)Unveiling the Connection Between Malware and Pirated Software in Southeast Asian Countries: A Case StudyIEEE Open Journal of the Computer Society10.1109/OJCS.2024.33645765(62-72)Online publication date: 2024
  • (2024)Is cyber hygiene a remedy to IPTV infringement? A study of online streaming behaviours and cyber security practicesInternational Journal of Information Security10.1007/s10207-024-00824-023:3(1913-1926)Online publication date: 6-Mar-2024
  • (2023)Introduction to RansomwarePerspectives on Ethical Hacking and Penetration Testing10.4018/978-1-6684-8218-6.ch006(139-170)Online publication date: 30-Jun-2023
  • (2023)Infection Risk Prediction and ManagementEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-642-27739-9_1634-1(1-5)Online publication date: 9-Mar-2023
  • (2022)Protection of Critical Infrastructure Using an Integrated Cybersecurity Risk Management (i-CSRM) Framework5G Internet of Things and Changing Standards for Computing and Electronic Systems10.4018/978-1-6684-3855-8.ch004(94-133)Online publication date: 3-Jun-2022
  • (2022)Computer Malware Classification, Factors, and Detection Techniques: A Systematic Literature Review (SLR)International Journal of Innovations in Science and Technology10.33411/IJIST/20220403204:3(899-918)Online publication date: 29-Aug-2022
  • (2022)Shedding Light on the Targeted Victim Profiles of Malicious DownloadersProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3544435(1-10)Online publication date: 23-Aug-2022
  • (2022)Metrics for Assessing Security of System-on-Chip2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)10.1109/HOST54066.2022.9839854(113-116)Online publication date: 27-Jun-2022
  • (2022)Toward a Better Understanding of Mobile Users’ Behavior: A Web Session Repair SchemeIEEE Access10.1109/ACCESS.2022.320640210(99931-99943)Online publication date: 2022
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media