Analyzing and modeling longitudinal security data: Promise and pitfalls

Benjamin Edwards, Steven Hofmeyr, Stephanie Forrest, Michel Van Eeten

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Scopus citations

Abstract

Many cybersecurity problems occur on a worldwide scale, but we lack rigorous methods for determining how best to intervene and mitigate damage globally, both short- And long-term. Analysis of longitudinal security data can provide insight into the effectiveness and differential impacts of security interventions on a global level. In this paper we consider the example of spam, studying a large high-resolution data set of messages sent from 260 ISPs in 60 countries over the course of a decade. The statistical analysis is designed to avoid common pitfalls that could lead to erroneous conclusions. We show how factors such as geography, national economics, Internet connectivity and traffic flow impact can affect local spam concentrations. Additionally, we present a statistical model to study temporal transitions in the dataset, and we use a simple extension of the model to investigate the effect of historical botnet takedowns on spam levels. We find that in aggregate most historical takedowns are beneficial in the short-term, but few have long-term impact. Further, even when takedowns are effective globally, they can be detrimental in specific geographic regions or countries. The analysis and modeling described here are based on a single data set. However, the techniques are general and could be adapted to other data sets to help improve decision making about when and how to deploy security interventions.

Original languageEnglish (US)
Title of host publicationProceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015
PublisherAssociation for Computing Machinery
Pages391-400
Number of pages10
Volume7-11-December-2015
ISBN (Electronic)9781450336826
DOIs
StatePublished - Dec 7 2015
Externally publishedYes
Event31st Annual Computer Security Applications Conference, ACSAC 2015 - Los Angeles, United States
Duration: Dec 7 2015Dec 11 2015

Other

Other31st Annual Computer Security Applications Conference, ACSAC 2015
CountryUnited States
CityLos Angeles
Period12/7/1512/11/15

Keywords

  • Spam
  • Statistical model
  • Takedowns

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Analyzing and modeling longitudinal security data: Promise and pitfalls'. Together they form a unique fingerprint.

  • Cite this

    Edwards, B., Hofmeyr, S., Forrest, S., & Van Eeten, M. (2015). Analyzing and modeling longitudinal security data: Promise and pitfalls. In Proceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015 (Vol. 7-11-December-2015, pp. 391-400). Association for Computing Machinery. https://doi.org/10.1145/2818000.2818010