
Understanding the Relationship between Human Behavior and Susceptibility to Cyber Attacks: A Data-Driven Approach

Published: 22 March 2017

    Abstract

    Despite growing speculation about the role of human behavior in cyber-security of machines, concrete data-driven analysis and evidence have been lacking. Using Symantec’s WINE platform, we conduct a detailed study of 1.6 million machines over an 8-month period in order to learn the relationship between user behavior and cyber attacks against their personal computers. We classify users into 4 categories (gamers, professionals, software developers, and others, plus a fifth category comprising everyone) and identify a total of 7 features that act as proxies for human behavior. For each of the 35 possible combinations (5 categories times 7 features), we studied the relationship between each of these seven features and one dependent variable, namely the number of attempted malware attacks detected by Symantec on the machine. Our results show that there is a strong relationship between several features and the number of attempted malware attacks. Had these hosts not been protected by Symantec’s anti-virus product or a similar product, they would likely have been infected. Surprisingly, our results show that software developers are more at risk of engaging in risky cyber-behavior than other categories.


    Published In

    ACM Transactions on Intelligent Systems and Technology, Volume 8, Issue 4
    Special Issue: Cyber Security and Regular Papers
    July 2017
    288 pages
    ISSN: 2157-6904
    EISSN: 2157-6912
    DOI: 10.1145/3055535
    Editor: Yu Zheng
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 22 March 2017
    Accepted: 01 January 2016
    Revised: 01 December 2015
    Received: 01 March 2015
    Published in TIST Volume 8, Issue 4

    Author Tags

    1. Malware
    2. computer virus
    3. user behavior

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Funding Sources

    • ARO
    • ONR
    • Maryland Procurement Office under Contract

    Cited By

    • (2024) The anatomy of deception: Measuring technical and human factors of a large-scale phishing campaign. Computers & Security 140 (103780). DOI: 10.1016/j.cose.2024.103780. Online publication date: May-2024
    • (2023) Introduction to Ransomware. Perspectives on Ethical Hacking and Penetration Testing (139-170). DOI: 10.4018/978-1-6684-8218-6.ch006. Online publication date: 30-Jun-2023
    • (2023) Explaining cybercrime victimization using a longitudinal population-based survey experiment. Are personal characteristics, online routine activities, and actual self-protective online behavior related to future cybercrime victimization? Journal of Crime and Justice (1-20). DOI: 10.1080/0735648X.2023.2222719. Online publication date: 13-Jun-2023
    • (2023) An ontology-driven framework for knowledge representation of digital extortion attacks. Computers in Human Behavior 139:C. DOI: 10.1016/j.chb.2022.107520. Online publication date: 20-Jan-2023
    • (2022) Cyber hygiene knowledge, awareness, and behavioral practices of university students. Information Security Journal: A Global Perspective 32:5 (347-370). DOI: 10.1080/19393555.2022.2088428. Online publication date: 28-Jun-2022
    • (2021) Impact of Social Engineering Attacks: A Literature Review. Developments and Advances in Defense and Security (25-35). DOI: 10.1007/978-981-16-4884-7_3. Online publication date: 29-Oct-2021
    • (2021) Find My Sloths: Automated Comparative Analysis of How Real Enterprise Computers Keep Up with the Software Update Races. Detection of Intrusions and Malware, and Vulnerability Assessment (215-236). DOI: 10.1007/978-3-030-80825-9_11. Online publication date: 14-Jul-2021
    • (2021) The Online Behaviour and Victimization Study: The Development of an Experimental Research Instrument for Measuring and Explaining Online Behaviour and Cybercrime Victimization. Cybercrime in Context (21-41). DOI: 10.1007/978-3-030-60527-8_3. Online publication date: 4-May-2021
    • (2020) Cyber–Physical Systems Forensics: Today and Tomorrow. Journal of Sensor and Actuator Networks 9:3 (37). DOI: 10.3390/jsan9030037. Online publication date: 5-Aug-2020
    • (2020) Human Cognition Through the Lens of Social Engineering Cyberattacks. Frontiers in Psychology 11. DOI: 10.3389/fpsyg.2020.01755. Online publication date: 30-Sep-2020
