TY - GEN
T1 - Analyzing and modeling longitudinal security data
T2 - 31st Annual Computer Security Applications Conference, ACSAC 2015
AU - Edwards, Benjamin
AU - Hofmeyr, Steven
AU - Forrest, Stephanie
AU - Van Eeten, Michel
N1 - Publisher Copyright: © 2015 ACM.
PY - 2015/12/7
Y1 - 2015/12/7
AB - Many cybersecurity problems occur on a worldwide scale, but we lack rigorous methods for determining how best to intervene and mitigate damage globally, both short- and long-term. Analysis of longitudinal security data can provide insight into the effectiveness and differential impacts of security interventions on a global level. In this paper we consider the example of spam, studying a large high-resolution data set of messages sent from 260 ISPs in 60 countries over the course of a decade. The statistical analysis is designed to avoid common pitfalls that could lead to erroneous conclusions. We show how factors such as geography, national economics, Internet connectivity and traffic flow can affect local spam concentrations. Additionally, we present a statistical model to study temporal transitions in the dataset, and we use a simple extension of the model to investigate the effect of historical botnet takedowns on spam levels. We find that in aggregate most historical takedowns are beneficial in the short-term, but few have long-term impact. Further, even when takedowns are effective globally, they can be detrimental in specific geographic regions or countries. The analysis and modeling described here are based on a single data set. However, the techniques are general and could be adapted to other data sets to help improve decision making about when and how to deploy security interventions.
KW - Spam
KW - Statistical model
KW - Takedowns
UR - http://www.scopus.com/inward/record.url?scp=84959373332&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84959373332&partnerID=8YFLogxK
U2 - 10.1145/2818000.2818010
DO - 10.1145/2818000.2818010
M3 - Conference contribution
AN - SCOPUS:84959373332
T3 - ACM International Conference Proceeding Series
SP - 391
EP - 400
BT - Proceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015
PB - Association for Computing Machinery
Y2 - 7 December 2015 through 11 December 2015
ER -