DOI: 10.1145/2660267.2660330
research-article
Open access

An Epidemiological Study of Malware Encounters in a Large Enterprise

Published: 03 November 2014

Abstract

We present an epidemiological study of malware encounters in a large, multi-national enterprise. Our data sets allow us to observe or infer not only malware presence on enterprise computers, but also malware entry points, network locations of the computers (i.e., inside the enterprise network or outside) when the malware was encountered, and for some web-based malware encounters, web activities that gave rise to them. By coupling this data with demographic information for each host's primary user, such as his or her job title and level in the management hierarchy, we are able to paint a reasonably comprehensive picture of malware encounters for this enterprise. We use this analysis to build a logistic regression model for inferring the risk of hosts encountering malware; those ranked highly by our model have a >3x higher rate of encountering malware than the base rate. We also discuss where our study confirms or refutes other studies and guidance that our results suggest.

Published In

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN:9781450329576
DOI:10.1145/2660267
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. enterprise security
  2. logistic regression
  3. malware encounters
  4. measurement

Qualifiers

  • Research-article

Conference

CCS'14

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
