Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale Cyber-Intrusions by Focusing on the Vulnerable Population
Hassan Halawa 1, Konstantin Beznosov 1, Yazan Boshmaf 2, Baris Coskun 3, Matei Ripeanu 1, and Elizeu Santos-Neto 4
1 The University of British Columbia
2 Qatar Computing Research Institute
3 Yahoo! Research
4 Google, Inc.
Focus on the vulnerable population
Proposed Paradigm
Current vs. Proposed Paradigm
Phishing
Throttled Outbox
Delayed Inbox
Personalized Controls
Immunization
Efficient Compromise-Detection Campaigns
Predicting the vulnerable population
Advantages of the proposed paradigm
● Proactive
● Targeted
● Efficient
● Robust
Intermission
Focus on detecting the attacks/attackers
Current Paradigm
Problems with the current paradigm
[SNS’11] Tao Stein, Erdong Chen, and Karan Mangla. 2011. Facebook immune system. In Proceedings of the 4th Workshop on Social Network Systems (SNS'11). ACM, pp. 8, New York, NY, USA.
Fake Accounts in OSNs
Enhanced Graph-Based Defences
Customized User Experience
Efficient Compromise-Detection Campaigns
Íntegro: in a nutshell
[ECS’16] Boshmaf, Y., Logothetis, D., Siganos, G., Lería, J., Lorenzo, J., Ripeanu, M., Beznosov, K., and Halawa, H. (2016). Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs. Elsevier Computers & Security. 61: 142-168.
Íntegro: System Model
Íntegro: Trust Propagation
Summary
Contact Email: hhalawa@ece.ubc.ca
Project Web Site: http://netsyslab.ece.ubc.ca/wiki/index.php/Artemis
Discussion Points
Can the vulnerable population be identified?
• Offline Worlds
• Online Worlds
• Our Experience
Why is an approach focused on the vulnerable population a key defense element?
• Similar dynamics to epidemics
• Cost of attack victim
• Multi-stage attacks
Why does this approach have the potential to increase the robustness of existing defenses?
• Current defenses are attack/attacker centric
• Based on attacker-controlled behavior/features
• Attackers can employ adversarial strategies
Can the proposed approach improve the effectiveness of user education or security advice?
• First line of defense
• Direct cost (attack) vs. Indirect cost (effort)
• Distribute cost proportional to user vulnerability
Are there other domains that can benefit from the proposed approach?
• Systems where users can make incorrect decisions
• Enterprise security and risk management
Are there legal/ethical implications of the proposed approach?
• Paternalism
• Fairness (Service Discrimination)
What are some of the challenges that may prevent adopting this paradigm?
• Feasibility to develop a vulnerable population classifier
• Inaccuracies in predicting the vulnerable population
• Some mitigation techniques may violate user expectations
• Targeted protection may be confusing / complex
What are the categories of defenses enabled by adopting this paradigm?
• Targeted protection
• Inferring the origin of attacks
What is the relationship to our past work in this area?
• Large-scale social-bot infiltration feasible
• Defense system leveraging the proposed paradigm
• Deployed at Telefonica’s OSN Tuenti (50 million+ users)
Backup Slides
Malware Downloads
Temporal & Spatial Traffic Graph Analysis
Captive Portals
Honeypots
Thank You
Questions?