research-article

A clinical study of risk factors related to malware infections

DOI: 10.1145/2508859.2516747

Published: 04 November 2013

Abstract

The success of malicious software (malware) depends upon both technical and human factors. The most security conscious users are vulnerable to zero-day exploits; the best security mechanisms can be circumvented by poor user choices. While there has been significant research addressing the technical aspects of malware attack and defense, there has been much less research reporting on how human behavior interacts with both malware and current malware defenses.
In this paper we describe a proof-of-concept field study designed to examine the interactions between users, anti-virus (anti-malware) software, and malware as they occur on deployed systems. The 4-month study, conducted in a fashion similar to the clinical trials used to evaluate medical interventions, involved 50 subjects whose laptops were instrumented to monitor possible infections and gather data on user behavior. Although the population size was limited, this initial study produced some intriguing, non-intuitive insights into the efficacy of current defenses, particularly with regards to the technical sophistication of end users. We assert that this work shows the feasibility and utility of testing security software through long-term field studies with greater ecological validity than can be achieved through other means.

Published In

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
November 2013
1530 pages
ISBN:9781450324779
DOI:10.1145/2508859
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. anti-virus evaluation
  2. clinical trial
  3. field study
  4. malware infection
  5. risk factors
  6. user behavior

Qualifiers

  • Research-article

Conference

CCS'13

Acceptance Rates

CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Bibliometrics

Article Metrics

  • Downloads (Last 12 months): 49
  • Downloads (Last 6 weeks): 0
Reflects downloads up to 24 Nov 2024

Cited By

  • (2024) A Case-Control Study to Measure Behavioral Risks of Malware Encounters in Organizations. IEEE Transactions on Information Forensics and Security 19 (9419-9432). DOI: 10.1109/TIFS.2024.3456960. Online publication date: 2024
  • (2024) Unveiling the Connection Between Malware and Pirated Software in Southeast Asian Countries: A Case Study. IEEE Open Journal of the Computer Society 5 (62-72). DOI: 10.1109/OJCS.2024.3364576. Online publication date: 2024
  • (2024) Is cyber hygiene a remedy to IPTV infringement? A study of online streaming behaviours and cyber security practices. International Journal of Information Security 23:3 (1913-1926). DOI: 10.1007/s10207-024-00824-0. Online publication date: 6-Mar-2024
  • (2023) Introduction to Ransomware. Perspectives on Ethical Hacking and Penetration Testing (139-170). DOI: 10.4018/978-1-6684-8218-6.ch006. Online publication date: 30-Jun-2023
  • (2023) Infection Risk Prediction and Management. Encyclopedia of Cryptography, Security and Privacy (1-5). DOI: 10.1007/978-3-642-27739-9_1634-1. Online publication date: 9-Mar-2023
  • (2022) Protection of Critical Infrastructure Using an Integrated Cybersecurity Risk Management (i-CSRM) Framework. 5G Internet of Things and Changing Standards for Computing and Electronic Systems (94-133). DOI: 10.4018/978-1-6684-3855-8.ch004. Online publication date: 3-Jun-2022
  • (2022) Computer Malware Classification, Factors, and Detection Techniques: A Systematic Literature Review (SLR). International Journal of Innovations in Science and Technology 4:3 (899-918). DOI: 10.33411/IJIST/2022040320. Online publication date: 29-Aug-2022
  • (2022) Shedding Light on the Targeted Victim Profiles of Malicious Downloaders. Proceedings of the 17th International Conference on Availability, Reliability and Security (1-10). DOI: 10.1145/3538969.3544435. Online publication date: 23-Aug-2022
  • (2022) Metrics for Assessing Security of System-on-Chip. 2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) (113-116). DOI: 10.1109/HOST54066.2022.9839854. Online publication date: 27-Jun-2022
  • (2022) Toward a Better Understanding of Mobile Users’ Behavior: A Web Session Repair Scheme. IEEE Access 10 (99931-99943). DOI: 10.1109/ACCESS.2022.3206402. Online publication date: 2022
