View MARC
LDR00000nam u2200205 4500
001000000434138
00520200226141432
008200131s2019 ||||||||||||||||| ||eng d
020 ▼a 9781085605229
035 ▼a (MiAaPQ)AAI13885271
040 ▼a MiAaPQ ▼c MiAaPQ ▼d 247004
0820 ▼a 621
1001 ▼a DeKoven, Louis Floyd.
24510 ▼a Addressing Device Compromise from the Perspective of Large Organizations.
260 ▼a [S.l.]: ▼b University of California, San Diego., ▼c 2019.
260 1 ▼a Ann Arbor: ▼b ProQuest Dissertations & Theses, ▼c 2019.
300 ▼a 129 p.
500 ▼a Source: Dissertations Abstracts International, Volume: 81-02, Section: B.
500 ▼a Advisor: Savage, Stefan
5021 ▼a Thesis (Ph.D.)--University of California, San Diego, 2019.
506 ▼a This item must not be added to any third party search indexes.
506 ▼a This item must not be sold to any third party vendors.
520 ▼a Addressing compromised devices is a problem for virtually all large organizations. Compromised devices can propagate malware, resulting in theft of computing resources, loss of sensitive data, and extortion of money. Unfortunately, large organizations do not have an oracle into device compromise. Instead, organizations must address compromise without straightforward answers to critical questions such as: "Is this device compromised?", "Why/How is this device compromised?", "What's the correct intervention?". This problem results, in part, from limited observational vantage points, differences in intervention capabilities, and evolving adversaries with differing incentives. In this dissertation, I develop systems that empirically address multiple types of device compromise using large-scale observations within different organizations, thus placing us on a stronger footing to devise better interventions. I first describe an approach used at Facebook for detecting malicious browser extensions. I present a methodology whereby users exhibiting suspicious online behaviors are scanned (with permission) to identify extensions in their browsers, and those extensions are in turn labeled based on the threat indicators they contain. Employing this methodology at Facebook, I identify more than 1,700 lexically distinct malicious extensions, and use this labeling to drive user device clean-up efforts as well as to notify browser vendors. Next, I examine for-profit services offering to artificially manipulate a user's social standing on Instagram. I identify the techniques used by these services to drive social actions, detail how they are structured to evade straightforward detection, and characterize the dynamics of their customer base. Finally, I construct controlled experiments to disrupt these services and analyze how different approaches to intervention can drive different reactions, thus providing distinct trade-offs for defenders.
Lastly, I describe a large-scale measurement of 15,000 laptop and desktop devices on a university's network to characterize the prevalence of security "best practices" and security-relevant behaviors, and quantify how they relate to device compromise. I use passive network traffic analysis techniques to infer a broad range of device features and per-machine compromise state. I find a number of behaviors positively correlate with host compromise, and few "best practices" exhibit negative correlations that would support their value in improving end user security.
590 ▼a School code: 0033.
650 4 ▼a Computer science.
650 4 ▼a Computer engineering.
690 ▼a 0984
690 ▼a 0464
71020 ▼a University of California, San Diego. ▼b Computer Science and Engineering.
7730 ▼t Dissertations Abstracts International ▼g 81-02B.
773 ▼t Dissertation Abstract International
790 ▼a 0033
791 ▼a Ph.D.
792 ▼a 2019
793 ▼a English
85640 ▼u http://www.riss.kr/pdu/ddodLink.do?id=T15491428 ▼n KERIS ▼z The full text of this material is provided by the Korea Education and Research Information Service.
980 ▼a 202002 ▼f 2020
990 ▼a ***1816162
991 ▼a E-BOOK