The public health analogy in web security
The public health analogy in web security
Traditional law enforcement methods have proven inadequate against the current levels of cybercrime we are experiencing. This is due to the ease of automating attacks, and also that even a single jurisdiction prepared to ignore or unable to prosecute cybercriminals mean that they are usually beyond the reach of local law enforcement. This has led to different analogies to attempt to describe the phenomenon, and one of these is that of public health. In the past, this was used to describe the propagation methods of computer \viruses", which exhibited similar characteristics to biological viruses. Whilst other malware also had a similar propagation pattern, these no longer apply given the popularity of drive-by downloads, where Web pages attack users who visit them. A consequence of this new method of propagation is that \infected" machines do not have any contagion, so one infected machine on a network does not mean that an other machine on the network will become infected as well.
This thesis proposes a novel interpretation of the public health analogy, which focuses on the notions of efficacy and rights, so that these guidelines can continue to be used. This is considered in the context of the major stakeholders who could intervene in the drive-by download process, where it is concluded that hosting providers are best placed to intervene to make a difference. It is proposed that they should proactively search for vulnerable websites they host, and warn the operator, implementing blocking procedures if the operator does not respond. An agent based model is then used to assess the efficacy of such an intervention.
University of Southampton
Fryer, Huw
be9ebee6-cbdd-4a8b-8e81-c4a47c9d7ea6
March 2016
Fryer, Huw
be9ebee6-cbdd-4a8b-8e81-c4a47c9d7ea6
Chown, Tim
ec204b89-ace4-4cba-94a9-38e7649e9dee
Fryer, Huw
(2016)
The public health analogy in web security.
University of Southampton, Doctoral Thesis, 211pp.
Record type:
Thesis
(Doctoral)
Abstract
Traditional law enforcement methods have proven inadequate against the current levels of cybercrime we are experiencing. This is due to the ease of automating attacks, and also that even a single jurisdiction prepared to ignore or unable to prosecute cybercriminals mean that they are usually beyond the reach of local law enforcement. This has led to different analogies to attempt to describe the phenomenon, and one of these is that of public health. In the past, this was used to describe the propagation methods of computer \viruses", which exhibited similar characteristics to biological viruses. Whilst other malware also had a similar propagation pattern, these no longer apply given the popularity of drive-by downloads, where Web pages attack users who visit them. A consequence of this new method of propagation is that \infected" machines do not have any contagion, so one infected machine on a network does not mean that an other machine on the network will become infected as well.
This thesis proposes a novel interpretation of the public health analogy, which focuses on the notions of efficacy and rights, so that these guidelines can continue to be used. This is considered in the context of the major stakeholders who could intervene in the drive-by download process, where it is concluded that hosting providers are best placed to intervene to make a difference. It is proposed that they should proactively search for vulnerable websites they host, and warn the operator, implementing blocking procedures if the operator does not respond. An agent based model is then used to assess the efficacy of such an intervention.
Text
THESIS_Corrections
- Version of Record
More information
Published date: March 2016
Identifiers
Local EPrints ID: 412399
URI: http://eprints.soton.ac.uk/id/eprint/412399
PURE UUID: d5640e9a-9e6d-4c8c-8dc1-4ea9d7da4f9c
Catalogue record
Date deposited: 17 Jul 2017 13:34
Last modified: 16 Mar 2024 02:39
Export record
Contributors
Author:
Huw Fryer
Thesis advisor:
Tim Chown
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics