Abstract
The success (or failure) of malware attacks depends upon both technological and human factors. The most security-conscious users are susceptible to unknown vulnerabilities, and even the best security mechanisms can be circumvented as a result of user actions. Although there has been significant research on the technical aspects of malware attacks and defence, there has been much less research on how users interact with both malware and current malware defences.
This article describes a field study designed to examine the interactions between users, antivirus (AV) software, and malware as they occur on deployed systems. In a fashion similar to medical studies that evaluate the efficacy of a particular treatment, our experiment aimed to assess the performance of AV software and the human risk factors of malware attacks. The 4-month study involved 50 home users who agreed to use laptops that were instrumented to monitor for possible malware attacks and gather data on user behaviour. This study provided some very interesting, non-intuitive insights into the efficacy of AV software and human risk factors. AV performance was found to be lower under real-life conditions compared to tests conducted in controlled conditions. Moreover, computer expertise, volume of network usage, and peer-to-peer activity were found to be significant correlates of malware attacks. We assert that this work shows the viability and the merits of evaluating security products, techniques, and strategies to protect systems through long-term field studies with greater ecological validity than can be achieved through other means.
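The two findings above (an AV detection rate measured in the field, and risk factors correlated with attacks) come down to two standard computations on the kind of per-user data such a study collects. The Python below is an added example, not the paper's code or data: the participant records and encounter log are constructed, the column names (`p2p`, `heavy_net`, `expert`, `attacked`) are assumptions, and the block computes a field detection rate with a Wilson interval and an odds ratio with a Woolf confidence interval per factor, with the zero-cell correction a real dataset eventually needs.

```python
"""Added example, not from the paper: risk-factor and detection-rate analysis
over constructed field-study records (column names and values are assumptions)."""
import math
from typing import Dict, List, Tuple

Z95 = 1.959964  # two-sided 95% normal quantile

# Constructed participant records. 'attacked' is the outcome (1 = at least one
# malware attack observed on the instrumented machine); the other columns are
# binary risk factors (assumed encoding: 1 = factor present for that user).
PARTICIPANTS: List[Dict[str, int]] = [
    {"p2p": 1, "heavy_net": 1, "expert": 1, "attacked": 1},
    {"p2p": 1, "heavy_net": 1, "expert": 1, "attacked": 1},
    {"p2p": 1, "heavy_net": 1, "expert": 1, "attacked": 1},
    {"p2p": 1, "heavy_net": 1, "expert": 0, "attacked": 1},
    {"p2p": 1, "heavy_net": 1, "expert": 0, "attacked": 1},
    {"p2p": 0, "heavy_net": 1, "expert": 0, "attacked": 1},
    {"p2p": 0, "heavy_net": 0, "expert": 0, "attacked": 1},
    {"p2p": 0, "heavy_net": 0, "expert": 0, "attacked": 1},
    {"p2p": 1, "heavy_net": 1, "expert": 1, "attacked": 0},
    {"p2p": 1, "heavy_net": 1, "expert": 0, "attacked": 0},
    {"p2p": 1, "heavy_net": 0, "expert": 0, "attacked": 0},
    {"p2p": 0, "heavy_net": 1, "expert": 1, "attacked": 0},
    {"p2p": 0, "heavy_net": 1, "expert": 0, "attacked": 0},
    {"p2p": 0, "heavy_net": 0, "expert": 1, "attacked": 0},
] + [{"p2p": 0, "heavy_net": 0, "expert": 0, "attacked": 0} for _ in range(6)]

# Constructed encounter log: (user, sample id, AV flagged it at encounter time)
# for files later confirmed malicious, e.g. by a post-hoc multi-engine scan.
ENCOUNTERS: List[Tuple[str, str, bool]] = [
    ("u01", "s01", True), ("u01", "s02", False), ("u02", "s03", True),
    ("u03", "s04", True), ("u03", "s05", True), ("u04", "s06", False),
    ("u05", "s07", True), ("u05", "s08", True), ("u06", "s09", False),
    ("u07", "s10", True),
]


def two_by_two(records, factor: str, outcome: str = "attacked"):
    """Return (a, b, c, d): exposed&attacked, exposed&clean, unexposed&attacked, unexposed&clean."""
    a = b = c = d = 0
    for r in records:
        if r[factor]:
            a, b = (a + 1, b) if r[outcome] else (a, b + 1)
        else:
            c, d = (c + 1, d) if r[outcome] else (c, d + 1)
    return a, b, c, d


def odds_ratio(a, b, c, d):
    """Odds ratio with Woolf 95% CI. A zero cell would divide by zero or give an
    infinite CI, so apply the Haldane-Anscombe +0.5 correction in that case."""
    if 0 in (a, b, c, d):
        a, b, c, d = (x + 0.5 for x in (a, b, c, d))
    ratio = (a * d) / (b * c)
    se = math.sqrt(1 / a + 1 / b + 1 / c + 1 / d)
    lo = math.exp(math.log(ratio) - Z95 * se)
    hi = math.exp(math.log(ratio) + Z95 * se)
    return ratio, lo, hi


def risk_factors(records, factors):
    """Per factor: odds ratio, 95% CI, and whether the CI excludes 1 (significant)."""
    out = {}
    for f in factors:
        ratio, lo, hi = odds_ratio(*two_by_two(records, f))
        out[f] = {"odds_ratio": ratio, "ci95": (lo, hi), "significant": lo > 1.0 or hi < 1.0}
    return out


def wilson(k: int, n: int, z: float = Z95):
    """Wilson score interval for a proportion k/n; behaves sensibly for small n."""
    if n == 0:
        raise ValueError("no encounters")
    p = k / n
    denom = 1 + z * z / n
    center = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return center - half, center + half


def detection_rate(encounters):
    """Share of confirmed-malicious encounters the AV caught at the time, with CI."""
    n = len(encounters)
    k = sum(1 for _, _, detected in encounters if detected)
    return {"detected": k, "encounters": n, "rate": k / n, "ci95": wilson(k, n)}


if __name__ == "__main__":
    print(detection_rate(ENCOUNTERS))
    for name, res in risk_factors(PARTICIPANTS, ["p2p", "heavy_net", "expert"]).items():
        print(f"{name}: OR={res['odds_ratio']:.2f} CI95=({res['ci95'][0]:.2f}, {res['ci95'][1]:.2f}) "
              f"significant={res['significant']}")
```

On these 20 constructed records every odds ratio is above 1 yet none is significant, because the intervals are wide at that sample size; this is the practical reason a field study of this kind needs tens of participants observed for months rather than a handful of machines, and why a reported "correlate" should always be read together with its interval.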
Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach