상세정보
Export to Refworks부가기능
Addressing Device Compromise from the Perspective of Large Organizations
상세 프로파일
| 자료유형 | 학위논문 |
|---|---|
| 서명/저자사항 | Addressing Device Compromise from the Perspective of Large Organizations. |
| 개인저자 | DeKoven, Louis Floyd. |
| 단체저자명 | University of California, San Diego. Computer Science and Engineering. |
| 발행사항 | [S.l.]: University of California, San Diego., 2019. |
| 발행사항 | Ann Arbor: ProQuest Dissertations & Theses, 2019. |
| 형태사항 | 129 p. |
| 기본자료 저록 | Dissertations Abstracts International 81-02B. Dissertation Abstract International |
| ISBN | 9781085605229 |
| 학위논문주기 | Thesis (Ph.D.)--University of California, San Diego, 2019. |
| 일반주기 |
Source: Dissertations Abstracts International, Volume: 81-02, Section: B.
Advisor: Savage, Stefan |
| 이용제한사항 | This item must not be added to any third party search indexes.This item must not be added to any third party search indexes.This item must not be sold to any third party vendors.This item must not be sold to any third party vendors. |
| 요약 | Addressing compromised device is a problem for virtually all large organizations. Compromised devices can propagate malware resulting in theft of computing resources, loss of sensitive data, and extortion of money. Unfortunately, large organizations do not have an oracle into device compromise. Instead, organizations must address compromise without straightforward answers to critical questions such as: "Is this device compromised?", "Why/How is this device compromised?", "What's the correct intervention?". This problem, in part, results from limited observational vantage points, differences in intervention capabilities, and evolving adversaries with differing incentives. In this dissertation, I develop systems that empirically address multiple types of device compromise using large-scale observations within different organizations, thus placing us on a stronger footing to devise better interventions. I first describe an approach used at Facebook for detecting malicious browsers extensions. I present a methodology whereby users exhibiting suspicious online behaviors are scanned (with permission) to identify extensions in their browsers, and those extensions are in turn labeled based on the threat indicators they contain. Employing this methodology at Facebook I identify more than 1,700 lexically distinct malicious extensions, and use this labeling to drive user device clean-up efforts as well notify browser vendors. Next, I examine for-profit services offering to artificially manipulate a user's social standing on Instagram. I identify the techniques used by these services to drive social actions, detail how they are structured to evade straightforward detection, and characterize the dynamics of their customer base. Finally, I construct controlled experiments to disrupt these services and analyze how different approaches to intervention can drive different reactions, thus providing distinct trade-offs for defenders. Lastly, I describe a large-scale measurement of 15,000 laptop and desktop devices on a university's network to characterize the prevalence of security "best practices" and security-relevant behaviors, and quantify how they relate to device compromise. I use passive network traffic analysis techniques to infer a broad range of device features and per-machine compromise state. I find a number of behaviors positively correlate with host compromise, and few "best practices" exhibit negative correlations that would support their value in improving end user security. |
| 일반주제명 | Computer science. Computer engineering. |
| 언어 | 영어 |
| 바로가기 | 
: 이 자료의 원문은 한국교육학술정보원에서 제공합니다. |
