Harvesting the low-hanging fruits: Defending against automated large-scale cyber-intrusions by focusing on the vulnerable population

Hassan Halawa, Konstantin Beznosov, Yazan Boshmaf, Baris Coskun, Matei Ripeanu, Elizeu Santos-Neto

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic. Defenses generally focus on identifying the attacks/attackers (e.g., phishing emails, social-bot infiltrations, malware offered for download). To change the status quo, we propose to identify, even if imperfectly, the vulnerable user population, that is, the users that are likely to fall victim to such attacks. Once identified, information about the vulnerable population can be used in two ways. First, the vulnerable population can be influenced by the defender through several means including: education, specialized user experience, extra protection layers and watchdogs. In the same vein, information about the vulnerable population can ultimately be used to fine-tune and reprioritize defense mechanisms to offer differentiated protection, possibly at the cost of additional friction generated by the defense mechanism. Secondly, information about the user population can be used to identify an attack (or compromised users) based on differences between the general and the vulnerable population. This paper considers the implications of the proposed paradigm on existing defenses in three areas (phishing of user credentials, malware distribution and socialbot infiltration) and discusses how using knowledge of the vulnerable population can enable more robust defenses.

Original language: English
Title of host publication: NSPW 2016 - Proceedings of the 2016 New Security Paradigms Workshop
Publisher: Association for Computing Machinery
Pages: 11-22
Number of pages: 12
Volume: 26-29-September-2016
ISBN (Electronic): 9781450348133
DOIs: https://doi.org/10.1145/3011883.3011885
Publication status: Published - 26 Sep 2016
Event: 25th New Security Paradigms Workshop, NSPW 2016 - Granby, United States
Duration: 26 Sep 2016 to 29 Sep 2016

Other

Other: 25th New Security Paradigms Workshop, NSPW 2016
Country: United States
City: Granby
Period: 26/9/16 to 29/9/16

Keywords

  • Cyber intrusions
  • Defense system design
  • Vulnerable population

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software

Cite this

Halawa, H., Beznosov, K., Boshmaf, Y., Coskun, B., Ripeanu, M., & Santos-Neto, E. (2016). Harvesting the low-hanging fruits: Defending against automated large-scale cyber-intrusions by focusing on the vulnerable population. In NSPW 2016 - Proceedings of the 2016 New Security Paradigms Workshop (Vol. 26-29-September-2016, pp. 11-22). Association for Computing Machinery. https://doi.org/10.1145/3011883.3011885
