research-article

Open access

Harvesting the low-hanging fruits: defending against automated large-scale cyber-intrusions by focusing on the vulnerable population

Authors:

Konstantin Beznosov,

Elizeu Santos-NetoAuthors Info & Claims

NSPW '16: Proceedings of the 2016 New Security Paradigms Workshop

Pages 11 - 22

https://doi.org/10.1145/3011883.3011885

Published: 26 September 2016 Publication History

Abstract

The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic. Defenses generally focus on identifying the attacks/attackers (e.g., phishing emails, social-bot infiltrations, malware offered for download). To change the status quo, we propose to identify, even if imperfectly, the vulnerable user population, that is, the users that are likely to fall victim to such attacks. Once identified, information about the vulnerable population can be used in two ways. First, the vulnerable population can be influenced by the defender through several means including: education, specialized user experience, extra protection layers and watchdogs. In the same vein, information about the vulnerable population can ultimately be used to fine-tune and reprioritize defense mechanisms to offer differentiated protection, possibly at the cost of additional friction generated by the defense mechanism. Secondly, information about the user population can be used to identify an attack (or compromised users) based on differences between the general and the vulnerable population. This paper considers the implications of the proposed paradigm on existing defenses in three areas (phishing of user credentials, malware distribution and socialbot infiltration) and discusses how using knowledge of the vulnerable population can enable more robust defenses.

References

[1]

PhishMe. http://phishme.com/. Accessed: 2016-07-06.

[2]

A. Adams and M. A. Sasse. Users are not the enemy. Communications of the ACM, 42(12):40--46, 1999.

Digital Library

[3]

L. Alvisi, A. Clement, A. Epasto, U. Sapienza, S. Lattanzi, and A. Panconesi. SoK: The evolution of sybil defense via social networks. Proceedings of the IEEE Symposium on Security and Privacy, 2013.

Digital Library

[4]

J. Angwin, J. Larson, S. Mattu, and L. Kirchner. Machine bias risk assessments in criminal sentencing. https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing, 2016. {Online; accessed 31-October-2016}.

[5]

R. Baeza-Yates. Data and algorithmic bias in the web. In Proceedings of the 8th ACM Conference on Web Science, WebSci '16, pages 1--1, New York, NY, USA, 2016. ACM.

Digital Library

[6]

D. Balfanz, G. Durfee, R. E. Grinter, and D. Smetters. In search of usable security: Five lessons from the field. IEEE Security and Privacy, 2(5):19--24, 2004.

Digital Library

[7]

M. Barreno, B. Nelson, A. D. Joseph, and J. Tygar. The security of machine learning. Machine Learning, 81(2):121--148, 2010.

Digital Library

[8]

L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: Automated identity theft attacks on social networks. In Proceedings of the 18th International Conference on World Wide Web, WWW '09, pages 551--560, New York, NY, USA, 2009. ACM.

Digital Library

[9]

A. Blum, B. Wardman, T. Solorio, and G. Warner. Lexical feature based phishing URL detection using online learning. In Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, pages 54--60, New York, NY, USA, 2010. ACM.

Digital Library

[10]

Y. Boshmaf. Security analysis of malicious socialbots on the web. PhD thesis, University of British Columbia, 2015.

[11]

Y. Boshmaf, K. Beznosov, and M. Ripeanu. Graph-based Sybil detection in social and information systems. In IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pages 466--473, Niagara Falls, Canada, August 25--28 2013.

Digital Library

[12]

Y. Boshmaf, I. Muslukhov, K. Beznosov, and M. Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC '11, pages 93--102, New York, NY, USA, 2011. ACM.

Digital Library

[13]

Y. Boshmaf, I. Muslukhov, K. Beznosov, and M. Ripeanu. Key challenges in defending against malicious socialbots. In Proceedings of the 5th USENIX Conference on Large-scale Exploits and Emergent Threats, LEET'12, Berkeley, CA, USA, 2012. USENIX Association.

Digital Library

[14]

Y. Boshmaf, I. Muslukhov, K. Beznosov, and M. Ripeanu. Design and analysis of a social botnet. Computer Networks, 57(2):556--578, February 2013.

Digital Library

[15]

Y. Boshmaf, M. Ripeanu, K. Beznosov, and E. Santos-Neto. Thwarting fake OSN accounts by predicting their victims. In Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security, AISec '15, pages 81--89, New York, NY, USA, October 2015. ACM.

Digital Library

[16]

Q. Cao, M. Sirivianos, X. Yang, and T. Pregueiro. Aiding the detection of fake accounts in large scale social online services. In Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation, NSDI'12, pages 15--15, Berkeley, CA, USA, 2012. USENIX Association.

Digital Library

[17]

M. Chandrasekaran, R. Chinchani, and S. Upadhyaya. PHONEY: mimicking user response to detect phishing attacks. In Proceedings of the IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM '16, page 5. IEEE, 2006.

Digital Library

[18]

T. Chen, S. Dick, and J. Miller. Detecting visually similar web pages: Application to phishing detection. ACM Trans. Internet Technol., 10(2):5:1--5:38, June 2010.

Digital Library

[19]

T. Chen, T. Stepan, S. Dick, and J. Miller. An anti-phishing system employing diffused information. ACM Trans. Inf. Syst. Secur., 16(4):16:1--16:31, Apr. 2014.

Digital Library

[20]

T. R. Dillahunt, C. A. Brooks, and S. Gulati. Detecting and visualizing filter bubbles in Google and Bing. In Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems, CHI EA '15, pages 1851--1856, New York, NY, USA, 2015. ACM.

Digital Library

[21]

C. Dong and B. Zhou. Effectively detecting content spam on the web using topical diversity measures. In Proceedings of the The 2012 IEEE/WIC/ACM International Joint Conferences on Web Intelligence and Intelligent Agent Technology - Volume 01, WI-IAT '12, pages 266--273, Washington, DC, USA, 2012. IEEE Computer Society.

Digital Library

[22]

S. Dua and X. Du. Data mining and machine learning in cybersecurity. 2011.

Digital Library

[23]

M. Egele, G. Stringhini, C. Kruegel, and G. Vigna. COMPA: Detecting compromised accounts on social networks. In Proceedings of the Network & Distributed System Security Symposium, NDSS '13. ISOC, February 2013.

[24]

S. Egelman and E. Peer. The myth of the average user: Improving privacy and security systems through individualization. In Proceedings of the 2015 New Security Paradigms Workshop, NSPW '15, pages 16--28, New York, NY, USA, 2015. ACM.

Digital Library

[25]

Facebook. Facebook Login. https://developers.facebook.com/docs/facebook-login, 2016. {Online; accessed 31-October-2016}.

[26]

I. Fette, N. Sadeh, and A. Tomasic. Learning to detect phishing emails. In Proceedings of the 16th International Conference on World Wide Web, WWW '07, pages 649--656, New York, NY, USA, 2007. ACM.

Digital Library

[27]

P. Fischer, S. E. G. Lea, and K. M. Evans. Why do individuals respond to fraudulent scam communications and lose money? the psychological determinants of scam compliance. Journal of Applied Social Psychology, 43(10):2060--2072, 2013.

[28]

D. Florêncio and C. Herley. Where do security policies come from? In Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS '10, pages 10:1--10:14, New York, NY, USA, 2010. ACM.

Digital Library

[29]

D. Florêncio, C. Herley, and P. C. Van Oorschot. Pushing on string: The 'don't care' region of password strength. Commun. ACM, 59(11):66--74, Oct. 2016.

Digital Library

[30]

D. M. Freeman, S. Jain, M. Dürmuth, B. Biggio, and G. Giacinto. Who are you? a statistical approach to measuring user authenticity. In Proceedings of the 23rd Annual Network and Distributed System Security Symposium, NDSS Symposium'16, San Diego, CA, USA, 2016. ISOC.

[31]

Google. Safebrowsing API. 2015.

[32]

Google. Google OpenID Connect. https://developers.google.com/identity/protocols/OpenIDConnect, 2016. {Online; accessed 31-October-2016}.

[33]

C. Herley. So long, and no thanks for the externalities: the rational rejection of security advice by users. In Proceedings of the 2009 Workshop on New Security Paradigms Workshop, NSPW '09, pages 133--144, New York, NY, USA, 2009. ACM.

Digital Library

[34]

J. Huang, T. Zimmermann, N. Nagapan, C. Harrison, and B. C. Phillips. Mastering the art of war: How patterns of gameplay influence skill in halo. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '13, pages 695--704, New York, NY, USA, 2013. ACM.

Digital Library

[35]

D. Ingold and S. Soper. Amazon doesn't consider the race of its customers. should it? http://www.bloomberg.com/graphics/2016-amazon-same-day/, 2016. {Online; accessed 31-October-2016}.

[36]

D. Irani, M. Balduzzi, D. Balzarotti, E. Kirda, and C. Pu. Reverse social engineering attacks in online social networks. Detection of Intrusions and Malware, and Vulnerability Assessment, pages 55--74, 2011.

Digital Library

[37]

T. N. Jagatic, N. A. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Commun. ACM, 50(10):94--100, 2007.

Digital Library

[38]

A. Joshi, S. T. King, G. W. Dunlap, and P. M. Chen. Detecting past and present intrusions through vulnerability-specific predicates. In Proceedings of the Twentieth ACM Symposium on Operating Systems Principles, SOSP '05, pages 91--104, New York, NY, USA, 2005. ACM.

Digital Library

[39]

N. E. Kass. An ethics framework for public health. American Journal of Public Health, 91(11):1776--1782, 2001.

[40]

T. H.-J. Kim, A. Yamada, V. Gligor, J. Hong, and A. Perrig. Relationgram: Tie-strength visualization for user-controlled online identity authentication. In In Proceedings of Financial Cryptography and Data Security Conference, pages 69--77. Springer, 2013.

[41]

C. Kruegel and G. Vigna. Anomaly detection of web-based attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS '03, pages 251--261, New York, NY, USA, 2003. ACM.

Digital Library

[42]

P. Kumaraguru, J. Cranshaw, A. Acquisti, L. Cranor, J. Hong, M. A. Blair, and T. Pham. School of phish: A real-world evaluation of anti-phishing training. In Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS '09, pages 3:1--3:12, New York, NY, USA, 2009. ACM.

Digital Library

[43]

P. Kumaraguru, S. Sheng, A. Acquisti, L. F. Cranor, and J. Hong. Teaching johnny not to fall for phish. ACM Trans. Internet Technol., 10(2):7:1--7:31, June 2010.

Digital Library

[44]

J. Langenderfer and T. A. Shimp. Consumer vulnerability to scams, swindles, and fraud: A new theory of visceral influences on persuasion. Psychology and Marketing, 18(7):763--783, 2001.

[45]

G. Liu, G. Xiang, B. A. Pendleton, J. I. Hong, and W. Liu. Smartening the crowds: Computational techniques for improving human verification to fight phishing scams. In Proceedings of the Seventh Symposium on Usable Privacy and Security, SOUPS '11, pages 8:1--8:13, New York, NY, USA, 2011. ACM.

Digital Library

[46]

Y. Liu, F. Chen, W. Kong, H. Yu, M. Zhang, S. Ma, and L. Ru. Identifying web spam with the wisdom of the crowds. ACM Transactions on the Web, 6(1), Mar. 2012.

Digital Library

[47]

Y. Liu, A. Sarabi, J. Zhang, P. Naghizadeh, M. Karir, M. Bailey, and M. Liu. Cloudy with a chance of breach: Forecasting cyber security incidents. In Proceedings of the 24th USENIX Security Symposium, USENIX Security '15, pages 1009--1024, 2015.

Digital Library

[48]

B. Lo. Resolving ethical dilemmas: a guide for clinicians. Williams & Wilkins, 1995.

[49]

M. Loughnan, N. Tapper, and T. Phan. Identifying vulnerable populations in subtropical brisbane, australia: A guide for heatwave preparedness and health promotion. ISRN Epidemiology, 2014, 2014.

[50]

D. Lowd and C. Meek. Adversarial learning. In Proceedings of the 11th ACM SIGKDD International Conference on Knowledge Discovery in Data Mining, KDD '05, pages 641--647, New York, NY, USA, 2005. ACM.

Digital Library

[51]

L. Lu, V. Yegneswaran, P. Porras, and W. Lee. BLADE: An attack-agnostic approach for preventing drive-by malware infections. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS '10, pages 440--450, New York, NY, USA, 2010. ACM.

Digital Library

[52]

J. Ma, L. K. Saul, S. Savage, and G. M. Voelker. Beyond blacklists: Learning to detect malicious web sites from suspicious URLs. In Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD '09, pages 1245--1254, New York, NY, USA, 2009. ACM.

Digital Library

[53]

J. Ma, L. K. Saul, S. Savage, and G. M. Voelker. Learning to detect malicious URLs. ACM Trans. Intell. Syst. Technol., 2(3):30:1--30:24, May 2011.

Digital Library

[54]

M. Mannan and P. C. van Oorschot. Security and usability: the gap in real-world online banking. In Proceedings of the 2007 Workshop on New Security Paradigms Workshop, NSPW '07, pages 1--14. ACM, 2008.

Digital Library

[55]

MIT Technology Review. Racism is poisoning online ad delivery, says harvard professor. https://www.technologyreview.com/s/510646/racism-is-poisoning-online-ad-delivery-says-harvard-professor/, 2013. {Online; accessed 31-October-2016}.

[56]

T. Moore, R. Clayton, and R. Anderson. The economics of online crime. Journal of Economic Perspectives, 23(3):3--20, September 2009.

[57]

M. Motoyama, D. McCoy, K. Levchenko, S. Savage, and G. M. Voelker. Dirty jobs: The role of freelance labor in web service abuse. In Proceedings of the 20th USENIX Security Symposium, USENIX Security '11, Aug. 2011.

Digital Library

[58]

J. Nazario. Phoneyc: A virtual client honeypot. In Proceedings of the 2nd USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET'09, pages 6--6, Berkeley, CA, USA, 2009. USENIX Association.

Digital Library

[59]

N. Newman. How big data enables economic harm to consumers, especially low income and other vulnerable sectors of the population. Journal of Internet Law December, 18:11--23, 2014.

[60]

C. N. A. C. on SARS, P. Health, and C. D. Naylor. Learning from SARS: renewal of public health in Canada: a report of the National Advisory Committee on SARS and Public Health. National Advisory Committee on SARS and Public Health, 2003.

[61]

R. Perdisci, W. Lee, and N. Feamster. Behavioral clustering of http-based malware and signature generation using malicious network traces. In Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation, NSDI'10, pages 26--26, Berkeley, CA, USA, 2010. USENIX Association.

Digital Library

[62]

Z. Qian, Z. M. Mao, Y. Xie, and F. Yu. On network-level clusters for spam detection. In Proceedings of the 17th Annual Network and Distributed System Security Symposium, NDSS Symposium'10, San Diego, CA, USA, 2010.

[63]

A. Ramachandran and N. Feamster. Understanding the network-level behavior of spammers. SIGCOMM Comput. Commun. Rev., 36(4):291--302, Aug. 2006.

Digital Library

[64]

H. Rashtian, Y. Boshmaf, P. Jaferian, and K. Beznosov. To befriend or not? a model of friend request acceptance on facebook. In Symposium On Usable Privacy and Security (SOUPS 2014), pages 285--300, Menlo Park, CA, July 2014. USENIX Association.

[65]

J. Ratkiewicz, M. Conover, M. Meiss, B. Gonçalves, S. Patil, A. Flammini, and F. Menczer. Truthy: mapping the spread of astroturf in microblog streams. In Proceedings of the 20th International Conference Companion on World Wide Web, WWW '11, pages 249--252, New York, NY, USA, 2011. ACM.

Digital Library

[66]

RSA. 2013 - a year in review. 2013.

[67]

S. Sheng, M. Holbrook, P. Kumaraguru, L. F. Cranor, and J. Downs. Who falls for phish?: A demographic analysis of phishing susceptibility and effectiveness of interventions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '10, pages 373--382, New York, NY, USA, 2010. ACM.

Digital Library

[68]

S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. F. Cranor, J. Hong, and E. Nunge. Anti-phishing phil: The design and evaluation of a game that teaches people not to fall for phish. In Proceedings of the 3rd Symposium on Usable Privacy and Security, SOUPS '07, pages 88--99, New York, NY, USA, 2007. ACM.

Digital Library

[69]

T. Shon and J. Moon. A hybrid machine learning approach to network anomaly detection. Information Sciences, 177(18):3799--3821, 2007.

Digital Library

[70]

S. Sidiroglou and A. D. Keromytis. A network worm vaccine architecture. In Proceedings of the 12th IEEE Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises, WET ICE '03, pages 220--225. IEEE, 2003.

Digital Library

[71]

C. Simmons, C. Ellis, S. Shiva, D. Dasgupta, and Q. Wu. AVOIDIT: A cyber attack taxonomy. Technical Report CS-09-003, 2009.

[72]

S. Sinha, M. Bailey, and F. Jahanian. Shades of grey: On the effectiveness of reputation-based blacklists. In Proceedings of the 3rd International Conference on Malicious and Unwanted Software, MALWARE '08, pages 57--64. IEEE, 2008.

[73]

D. K. Smetters and R. E. Grinter. Moving from the design of usable security technologies to the design of useful secure applications. In Proceedings of the 2002 Workshop on New Security Paradigms, NSPW '02, pages 82--89, New York, NY, USA, 2002. ACM.

Digital Library

[74]

K. Soska and N. Christin. Automatically detecting vulnerable websites before they turn malicious. In Proceedings of the 23rd USENIX Security Symposium, USENIX Security '14, pages 625--640, 2014.

Digital Library

[75]

T. Stein, E. Chen, and K. Mangla. Facebook immune system. In Proceedings of the 4th Workshop on Social Network Systems, SNS '11, pages 8:1--8:8, New York, NY, USA, 2011. ACM.

Digital Library

[76]

K. Strater and H. R. Lipford. Strategies and struggles with privacy in an online social networking community. In Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction-Volume 1, pages 111--119. British Computer Society, 2008.

Digital Library

[77]

G. Stringhini, C. Kruegel, and G. Vigna. Detecting spammers on social networks. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 1--9, New York, NY, USA, 2010. ACM.

Digital Library

[78]

A. H. Sung, J. Xu, P. Chavez, and S. Mukkamala. Static analyzer of vicious executables (SAVE). In Proceedings of the 20th Annual Computer Security Applications Conference, ACSAC '04, pages 326--334, Dec 2004.

Digital Library

[79]

Symantec. Internet security threat report. 2015.

[80]

K. Thomas, C. Grier, D. Song, and V. Paxson. Suspended accounts in retrospect: an analysis of Twitter spam. In Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pages 243--258. ACM, 2011.

Digital Library

[81]

K. Thomas, D. McCoy, and C. Grier. Trafficking fraudulent accounts: the role of the underground market in Twitter spam and abuse. In Proceedings of the 22nd USENIX Security Symposium, USENIX Security '13, pages 195--210. USENIX Association, 2013.

Digital Library

[82]

O. Thonnard, L. Bilge, A. Kashyap, and M. Lee. Are you at risk? profiling organizations and individuals subject to targeted attacks. In Financial Cryptography and Data Security, pages 13--31. Springer, 2015.

[83]

D. Twining, M. M. Williamson, M. J. F. Mowbray, and M. Rahmouni. Email prioritization: Reducing delays on legitimate mail caused by junk mail. In Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC '04, pages 4--4, Berkeley, CA, USA, 2004. USENIX Association.

Digital Library

[84]

J. Tygar. Adversarial machine learning. Internet Computing, IEEE, 15(5):4--6, 2011.

Digital Library

[85]

R. Verma and K. Dyer. On the character of phishing URLs: Accurate and robust statistical learning classifiers. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY '15, pages 111--122, New York, NY, USA, 2015. ACM.

Digital Library

[86]

C. Wagner, S. Mitter, C. Körner, and M. Strohmaier. When social bots attack: Modeling susceptibility of users in online social networks. In Proceedings of the International Conference on World Wide Web, WWW '12, page 2, 2012.

[87]

H. J. Wang, C. Guo, D. R. Simon, and A. Zugenmaier. Shield: Vulnerability-driven network filters for preventing known vulnerability exploits. In Proceedings of the 2004 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM '04, pages 193--204, New York, NY, USA, 2004. ACM.

Digital Library

[88]

Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. King. Automated web patrol with strider honeymonkeys. In Proceedings of the Network & Distributed System Security Symposium, NDSS '06, pages 35--49. ISOC, 2006.

[89]

G. Xiang, J. Hong, C. P. Rose, and L. Cranor. CANTINA+: A feature-rich machine learning framework for detecting phishing web sites. ACM Trans. Inf. Syst. Secur., 14(2):21:1--21:28, Sept. 2011.

Digital Library

[90]

Y. Xie, F. Yu, Q. Ke, M. Abadi, E. Gillum, K. Vitaldevaria, J. Walter, J. Huang, and Z. M. Mao. Innocent by association: early recognition of legitimate users. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS '12, pages 353--364, New York, NY, USA, 2012. ACM.

Digital Library

[91]

G. Yan, G. Chen, S. Eidenbenz, and N. Li. Malware propagation in online social networks: nature, dynamics, and defense implications. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pages 196--206. ACM, 2011.

Digital Library

[92]

H. Yu. Sybil defenses via social networks: a tutorial and survey. SIGACT News, 42:80--101, October 2011.

Digital Library

[93]

W. Yu, S. Chellappan, X. Wang, and D. Xuan. Peer-to-peer system-based active worm attacks: Modeling, analysis and defense. Comput. Commun., 31(17):4005--4017, Nov. 2008.

Digital Library

[94]

Y. Zeng, X. Hu, and K. G. Shin. Detection of botnets using combined host- and network-level information. In Proceedings of the 2010 IEEE/IFIP International Conference on Dependable Systems Networks, DSN '10, pages 291--300, June 2010.

[95]

Y. Zhang, J. I. Hong, and L. F. Cranor. CANTINA: A content-based approach to detecting phishing web sites. In Proceedings of the 16th International Conference on World Wide Web, WWW '07, pages 639--648, New York, NY, USA, 2007. ACM.

Digital Library

Cited By

Abu Al-Haija QJebril N(2023)Introduction to RansomwarePerspectives on Ethical Hacking and Penetration Testing10.4018/978-1-6684-8218-6.ch006(139-170)Online publication date: 30-Jun-2023
https://doi.org/10.4018/978-1-6684-8218-6.ch006
Arin EKutlu M(2023)Deep Learning Based Social Bot Detection on TwitterIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.325442918(1763-1772)Online publication date: 2023
https://doi.org/10.1109/TIFS.2023.3254429
Mentis HMadjaroff GMassey ATrendafilova Z(2020)The Illusion of Choice in Discussing Cybersecurity Safeguards Between Older Adults with Mild Cognitive Impairment and Their CaregiversProceedings of the ACM on Human-Computer Interaction10.1145/34152354:CSCW2(1-19)Online publication date: 15-Oct-2020
https://dl.acm.org/doi/10.1145/3415235
Show More Cited By

Recommendations

Low-level software security: exploiting memory safety vulnerabilities and assumptions
Characterization, Detection and Mitigation of Low-Rate DoS attack
ICTCS '14: Proceedings of the 2014 International Conference on Information and Communication Technology for Competitive Strategies

Now a day's web services become key aspect of life. Unfortunately there are several threats to these services. These threats are phishing, e-mail borne viruses, Trojan horse programs, Denial of Service etc. Among of them Distributed Denial of Service ...
Detectability of Low-Rate HTTP Server DoS Attacks using Spectral Analysis
ASONAM '15: Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015

Denial-of-Service (DoS) attacks pose a threat to any service provider on the internet. While traditional DoS flooding attacks require the attacker to control at least as much resources as the service provider in order to be effective, so-called low-rate ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

NSPW '16: Proceedings of the 2016 New Security Paradigms Workshop

September 2016

113 pages

ISBN:9781450348133

DOI:10.1145/3011883

General Chair:
Carrie Gates
DELL
,
Program Chairs:
Rainer Böhme
University of Innsbruck
,
Serge Egelman
University of California at Berkeley / ICSI
,
Publications Chair:
Mohammad Mannan
Concordia University

Copyright © 2016 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

ACSA: Applied Computing Security Assoc
The National Science Foundation
DELL
CISCO

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 September 2016

Check for updates

Author Tags

Qualifiers

Research-article

Conference

NSPW '16

Sponsor:

ACSA

NSPW '16: New Security Paradigms Workshop 2016

September 26 - 29, 2016

Colorado, Granby, USA

Acceptance Rates

Overall Acceptance Rate 98 of 265 submissions, 37%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
644
Total Downloads

Downloads (Last 12 months)79
Downloads (Last 6 weeks)9

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Abu Al-Haija QJebril N(2023)Introduction to RansomwarePerspectives on Ethical Hacking and Penetration Testing10.4018/978-1-6684-8218-6.ch006(139-170)Online publication date: 30-Jun-2023
https://doi.org/10.4018/978-1-6684-8218-6.ch006
Arin EKutlu M(2023)Deep Learning Based Social Bot Detection on TwitterIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.325442918(1763-1772)Online publication date: 2023
https://doi.org/10.1109/TIFS.2023.3254429
Mentis HMadjaroff GMassey ATrendafilova Z(2020)The Illusion of Choice in Discussing Cybersecurity Safeguards Between Older Adults with Mild Cognitive Impairment and Their CaregiversProceedings of the ACM on Human-Computer Interaction10.1145/34152354:CSCW2(1-19)Online publication date: 15-Oct-2020
https://dl.acm.org/doi/10.1145/3415235
Simoiu CGates CBonneau JGoel S(2019)"I was told to buy a software or lose my computer. i ignored it"Proceedings of the Fifteenth USENIX Conference on Usable Privacy and Security10.5555/3361476.3361487(155-174)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.5555/3361476.3361487
Halawa HBeznosov KCoskun BLiu MRipeanu M(2019)Forecasting Suspicious Account Activity at Large-Scale Online Service ProvidersFinancial Cryptography and Data Security10.1007/978-3-030-32101-7_33(569-587)Online publication date: 30-Sep-2019
https://doi.org/10.1007/978-3-030-32101-7_33
Halawa HRipeanu MBeznosov KCoskun BLiu MThuraisingham BBiggio BFreeman DMiller BSinha A(2017)An Early Warning System for Suspicious AccountsProceedings of the 10th ACM Workshop on Artificial Intelligence and Security10.1145/3128572.3140455(51-52)Online publication date: 3-Nov-2017
https://dl.acm.org/doi/10.1145/3128572.3140455

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents