Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach

Levesque Fanny Lalonde; Chiasson Sonia; Somayaji Anil; Fernandez Jose M.

首页> 外文期刊>ACM Transaction on Information and System Security >Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach

【24h】

Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach

机译：恶意软件攻击的技术和人为因素：一种计算机安全性临床试验方法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

The success (or failure) of malware attacks depends upon both technological and human factors. The most security-conscious users are susceptible to unknown vulnerabilities, and even the best security mechanisms can be circumvented as a result of user actions. Although there has been significant research on the technical aspects of malware attacks and defence, there has been much less research on how users interact with both malware and current malware defences.This article describes a field study designed to examine the interactions between users, antivirus (AV) software, and malware as they occur on deployed systems. In a fashion similar to medical studies that evaluate the efficacy of a particular treatment, our experiment aimed to assess the performance of AV software and the human risk factors of malware attacks. The 4-month study involved 50 home users who agreed to use laptops that were instrumented to monitor for possible malware attacks and gather data on user behaviour. This study provided some very interesting, non-intuitive insights into the efficacy of AV software and human risk factors. AV performance was found to be lower under real-life conditions compared to tests conducted in controlled conditions. Moreover, computer expertise, volume of network usage, and peer-to-peer activity were found to be significant correlates of malware attacks. We assert that this work shows the viability and the merits of evaluating security products, techniques, and strategies to protect systems through long-term field studies with greater ecological validity than can be achieved through other means.

机译：恶意软件攻击的成功（或失败）取决于技术和人为因素。最注重安全性的用户容易受到未知漏洞的影响，甚至最好的安全性机制也可能由于用户操作而被规避。尽管对恶意软件攻击和防御的技术方面已有大量研究，但有关用户如何与恶意软件和当前恶意软件防御进行交互的研究却很少。本文介绍了一项旨在检查用户之间的交互的实地研究，即防病毒（ AV）软件和恶意软件（它们在已部署的系统上发生）。以类似于评估特定治疗功效的医学研究的方式，我们的实验旨在评估AV软件的性能以及恶意软件攻击的人类危险因素。这项为期4个月的研究涉及50位家庭用户，他们同意使用笔记本电脑，这些笔记本电脑可以监视可能的恶意软件攻击并收集有关用户行为的数据。这项研究提供了一些非常有趣的，非直觉性的见解，以了解AV软件的功效和人类危险因素。与在受控条件下进行的测试相比，在现实生活条件下的AV性能要低。此外，发现计算机专业知识，网络使用量以及对等活动是恶意软件攻击的重要关联。我们断言，这项工作通过对生态有效性的长期野外研究，显示了评估安全产品，技术和策略来保护系统的可行性和优点，而这种有效性远高于通过其他手段所无法实现的。

著录项

来源
《ACM Transaction on Information and System Security》 |2018年第4期|18.1-18.30|共30页
作者
Levesque Fanny Lalonde; Chiasson Sonia; Somayaji Anil; Fernandez Jose M.;
展开▼
作者单位

Ecole Polytech Montreal 2900 Edouard Montpetit Blvd Montreal PQ H3T 1J4 Canada;

Carleton Univ 1125 Colonel By Dr Ottawa ON K1S 5B6 Canada;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Computer security; clinical trial; malware; antivirus; risk factors;

机译：计算机安全;临床试验;恶意软件;防病毒风险因素;

相似文献

外文文献
中文文献
专利

1. IN THE MIDDLE EAST, 43.5% OF ICS COMPUTERS WERE ATTACKED BY MALWARE IN H1-2018, SAYS KASPERSKY LAB CYBERSECURITY EXPERT [J] . Refining amp, Petrochemicals Middle East Group Refining & Petrochemicals Middle East . 2018,第11期

机译：卡巴斯基实验室网络安全专家表示，在中东，43.5％的ICS计算机在H1-2018中受到恶意软件的攻击
2. An Approach to Mitigate Malware Attacks Using Netfilter's Hybrid Frame in Firewall Security [J] . Nivedita Nahar, Prerna Dewan, Rakesh Kumar International journal of open source software & processes . 2018,第1期

机译：在防火墙安全中使用Netfilter的混合框架缓解恶意软件攻击的方法
3. A human-computer collaborative approach to identifying common data elements in clinical trial eligibility criteria [J] . LuoZ., MiottoR., WengC. Journal of biomedical informatics. . 2013,第1期

机译：一种人机协作的方法来识别临床试验资格标准中的通用数据元素
4. COMPUTER-AIDED DETECTION OF POLYPS IN CT COLONOGRAPHY: PERFORMANCE EVALUATION IN COMPARISON WITH HUMAN READERS BASED ON LARGE MULTICENTER CLINICAL TRIAL CASES [C] . H. Yoshida, J. Nappi, Wenli Cai IEEE International Symposium on Biomedical Imaging . 2009

机译：基于大型多中心临床试验案例的人类读者比较的计算机辅助检测息肉中息肉：性能评估
5. Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks [D] . Chen, Lingwei. 2019

机译：智能恶意软件检测使用文件到文件关系并提高其对抗对抗攻击的安全性
6. A Human-Computer Collaborative Approach to Identifying Common Data Elements in Clinical Trial Eligibility Criteria [O] . Zhihui Luo, Riccardo Miotto, Chunhua Weng -1

机译：一种临床试验资格标准中识别普通数据元素的人机协作方法
7. A human–computer collaborative approach to identifying common data elements in clinical trial eligibility criteria [O] . Luo Zhihui, Miotto Riccardo, Weng Chunhua 2013

机译：一种人机协作的方法，用于识别临床试验资格标准中的通用数据元素
8. Immune Analysis of Brisbane and California H1N1 in Human Sera and the MIMIC System, and Correlating a H1N1 Pandemic Influenza Clinical Trial with a Clinical Trial in a Test Tube [R] . Wittman, V, Kachurin, A, Warren, W L 2013

机译：布里斯班和加利福尼亚H1N1在人类血清和mImIC系统中的免疫分析，并将H1N1大流行性流感临床试验与试管中的临床试验相关联

Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach

摘要

著录项

相似文献

相关主题

期刊订阅