Increasing the impact of voluntary action against cybercrime
Title translation not available.
- Thesis No: 721272
- Advisors: PROF. DR. M.J.G VAN EETEN
- Thesis Type: Doctorate
- Subjects: Information and Records Management, Computer Engineering and Computer Science and Control, Defense and Defense Technologies
- Keywords: Not specified.
- Year: 2020
- Language: English
- University: Technische Universiteit Delft (Delft University of Technology)
- Institute: Foreign Institute
- Department: Not specified.
- Discipline: Not specified.
- Number of Pages: 235
Abstract
No abstract.
Abstract (Translation)
Resources on the Internet allow constant communication and data sharing between Internet users. While these resources keep vital information flowing, cybercriminals can easily compromise and abuse them, using them as a platform for fraud and misuse. Every day, we observe millions of Internet-connected resources being abused in criminal activities, ranging from poorly configured Internet of Things (IoT) devices recruited to flood legitimate services' networks with unwanted Internet traffic to legitimate websites compromised to distribute malicious software designed to prevent access to a victim's data or device until a ransom has been paid to the attacker. The Internet's decentralized architecture requires defenders to collaborate voluntarily to combat cybercrime. While mandatory efforts may be necessary in some circumstances, the bulk of incident response will remain based on voluntary actions among thousands of Internet intermediaries, researchers and resource owners. These voluntary actions typically take the form of one party sending security notifications to another about potential security issues and asking them to act on them. Security notifications are intended to support and promote a wide range of feasible efforts, which aim to detect and mitigate millions of daily incidents and remediate underlying conditions. Despite its importance, voluntary action remains a poorly understood and significantly less investigated component of the fight against cybercrime. All of this puts a premium on understanding how voluntary cyber-defense efforts can be most effective in remediating security issues. This leads to the main research question of the thesis: How can the effectiveness of voluntary action against cybercrime be increased?
This research question required us to systematically analyze the relationship between characteristics of notification mechanisms and security issues at the key Internet intermediaries, such as Internet service providers and hosting providers. We investigated this relationship by measuring remediation rates of security issues after sending security notifications. All of the studies have been well received by both academia and the industry. Some of their findings have become starting points for the next research step towards a more secure Internet.
The research starts with measuring a hosting provider's ability to remediate compromised websites in their network. These websites were compromised and abused by the attackers to be used as phishing websites. We know remarkably little about the factors that drive higher response rates to abuse reports. One such factor is the reputation of the sender. In Chapter 2, we present a study that measures the impact of abuse notifications and a notification sender's reputation on cleanup rates of compromised websites. In the first part of the study, we measured the effectiveness of the abuse notifications by comparing two groups of compromised websites. One group received abuse notifications, and the other did not. In the second part of the study, we assessed the effectiveness of issuing notifications from three senders with different reputations: an individual, a university and an established anti-malware organization. Additionally, we studied the efficacy of cleanup advice provided via a link in the notifications. Our results showed that abuse reports significantly increase the remediation rates compared to not notifying. However, sender reputation did not significantly influence the cleanup process. Furthermore, our results suggest that providing a cleanup website containing specific instructions improves the cleanup speed when hosting providers view the instructions.
In Chapter 3, we investigated intermediaries' and resource owners' ability to remediate vulnerabilities. Our study investigated the effectiveness of reaching out to different affected parties and, once they were reached, incentivizing them to remediate vulnerabilities. The study compared the effectiveness of direct and intermediary remediation strategies in terms of remediation and reachability to find out which channel mobilizes the strongest incentive for remediation. Results demonstrated that there is no good communication mechanism for getting the wealth of vulnerability remediation information to the affected parties. Additionally, we studied whether providing a link to a mechanism to verify the existence of the vulnerability could incentivize resource owners and intermediaries to act upon our notifications. Our results showed no evidence that notifications with vulnerability demonstrations did better than standard notifications for both resource owners and intermediaries.
After investigating the effectiveness of notifications made to the owners of vulnerable and compromised websites and to intermediaries, we collaborated with an ISP to measure the effectiveness of notifications made to vulnerable and infected device owners. In Chapter 4, we studied user behavior and remediation effectiveness of an alternative mechanism for notification and remediation: quarantining the resource in a so-called walled garden environment. We studied the relationship between cleanup rates and other factors, such as the release mechanism used to get out of quarantine and the time spent in a quarantine environment. Our results illustrate that almost three-quarters of the quarantined users had managed to clean their infected machines in their first two quarantine attempts when they had an option to release themselves from the quarantine environment. Significantly, providing an option to self-release from the quarantine environment did not introduce lax security behavior.
In Chapter 5, we assessed the effectiveness of the walled garden by comparing remediation with two other groups: one group that was notified via email but not quarantined, and another group where no action was taken. Our results showed very high remediation rates for the quarantined users, even though they could self-release from the quarantine environment. Moreover, the walled garden group achieved higher remediation rates than both the email and control groups. Surprisingly, over half of the customers who were not notified at all also remediated, though this is tied to the fact that many observations of vulnerable servers are transient.
With the rise of IoT malware, cleaning up infected devices in ISP networks has become a critical task. In Chapter 6, we presented remediation rates from an observational study and a randomized controlled trial involving 220 consumers who suffered from Mirai infection. Our findings showed that walled garden notifications achieved higher Mirai malware remediation rates than email notifications. Moreover, our results showed that email notifications have no observable impact compared to a control group where no notifications were sent. However, improving the content of the walled garden notification with more actionable content did not increase the remediation rates.
Our research provides a better understanding of how effective these actors are in terms of abuse and vulnerability remediation and how they can be more effective in the hosting and ISP markets. Concerning the implications of our results for practice, I conclude that voluntary action can be improved by understanding and improving the incentives of Internet intermediaries and resource owners. Both laws and softer governmental mechanisms can be used to incentivize resource owners and intermediaries to act more effectively against cybercrime.