The University of Southampton
University of Southampton Institutional Repository

The public health analogy in web security

The public health analogy in web security
The public health analogy in web security
Traditional law enforcement methods have proven inadequate against the current levels of cybercrime we are experiencing. This is due to the ease of automating attacks, and also that even a single jurisdiction prepared to ignore or unable to prosecute cybercriminals mean that they are usually beyond the reach of local law enforcement. This has led to different analogies to attempt to describe the phenomenon, and one of these is that of public health. In the past, this was used to describe the propagation methods of computer \viruses", which exhibited similar characteristics to biological viruses. Whilst other malware also had a similar propagation pattern, these no longer apply given the popularity of drive-by downloads, where Web pages attack users who visit them. A consequence of this new method of propagation is that \infected" machines do not have any contagion, so one infected machine on a network does not mean that an other machine on the network will become infected as well.
This thesis proposes a novel interpretation of the public health analogy, which focuses on the notions of efficacy and rights, so that these guidelines can continue to be used. This is considered in the context of the major stakeholders who could intervene in the drive-by download process, where it is concluded that hosting providers are best placed to intervene to make a difference. It is proposed that they should proactively search for vulnerable websites they host, and warn the operator, implementing blocking procedures if the operator does not respond. An agent based model is then used to assess the efficacy of such an intervention.
University of Southampton
Fryer, Huw
be9ebee6-cbdd-4a8b-8e81-c4a47c9d7ea6
Fryer, Huw
be9ebee6-cbdd-4a8b-8e81-c4a47c9d7ea6
Chown, Tim
ec204b89-ace4-4cba-94a9-38e7649e9dee

Fryer, Huw (2016) The public health analogy in web security. University of Southampton, Doctoral Thesis, 211pp.

Record type: Thesis (Doctoral)

Abstract

Traditional law enforcement methods have proven inadequate against the current levels of cybercrime we are experiencing. This is due to the ease of automating attacks, and also that even a single jurisdiction prepared to ignore or unable to prosecute cybercriminals mean that they are usually beyond the reach of local law enforcement. This has led to different analogies to attempt to describe the phenomenon, and one of these is that of public health. In the past, this was used to describe the propagation methods of computer \viruses", which exhibited similar characteristics to biological viruses. Whilst other malware also had a similar propagation pattern, these no longer apply given the popularity of drive-by downloads, where Web pages attack users who visit them. A consequence of this new method of propagation is that \infected" machines do not have any contagion, so one infected machine on a network does not mean that an other machine on the network will become infected as well.
This thesis proposes a novel interpretation of the public health analogy, which focuses on the notions of efficacy and rights, so that these guidelines can continue to be used. This is considered in the context of the major stakeholders who could intervene in the drive-by download process, where it is concluded that hosting providers are best placed to intervene to make a difference. It is proposed that they should proactively search for vulnerable websites they host, and warn the operator, implementing blocking procedures if the operator does not respond. An agent based model is then used to assess the efficacy of such an intervention.

Text
THESIS_Corrections - Version of Record
Available under License University of Southampton Thesis Licence.
Download (3MB)

More information

Published date: March 2016

Identifiers

Local EPrints ID: 412399
URI: http://eprints.soton.ac.uk/id/eprint/412399
PURE UUID: d5640e9a-9e6d-4c8c-8dc1-4ea9d7da4f9c
ORCID for Tim Chown: ORCID iD orcid.org/0000-0002-4726-018X

Catalogue record

Date deposited: 17 Jul 2017 13:34
Last modified: 22 Mar 2019 01:37

Export record

Contributors

Author: Huw Fryer
Thesis advisor: Tim Chown ORCID iD

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×