Predicting impending exposure to malicious content from user behavior

Mahmood Sharif, Jumpei Urakawa, Nicolas Christin, Ayumu Kubota, Akira Yamada

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Many computer-security defenses are reactive—they operate only when security incidents take place, or immediately thereafter. Recent efforts have attempted to predict security incidents before they occur, to enable defenders to proactively protect their devices and networks. These efforts have primarily focused on long-term predictions. We propose a system that enables proactive defenses at the level of a single browsing session. By observing user behavior, it can predict whether they will be exposed to malicious content on the web seconds before the moment of exposure, thus opening a window of opportunity for proactive defenses. We evaluate our system using three months’ worth of HTTP traffic generated by 20,645 users of a large cellular provider in 2017 and show that it can be helpful, even when only very low false positive rates are acceptable, and despite the difficulty of making “on-the-fly” predictions. We also engage directly with the users through surveys asking them demographic and security-related questions, to evaluate the utility of self-reported data for predicting exposure to malicious content. We find that self-reported data can help forecast exposure risk over long periods of time. However, even in the long term, self-reported data is not as crucial as behavioral measurements to accurately predict exposure.

Original language: English
Title of host publication: CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Pages: 1487-1501
Number of pages: 15
ISBN (Electronic): 9781450356930
State: Published - 15 Oct 2018
Externally published: Yes
Event: 25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada
Duration: 15 Oct 2018 → …

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security

Conference

Conference: 25th ACM Conference on Computer and Communications Security, CCS 2018
Country/Territory: Canada
City: Toronto
Period: 15/10/18 → …

Keywords

  • Exposure prediction
  • Network security
  • Proactive security

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
