000000314 001__ 314
000000314 005__ 20161212041428.0
000000314 037__ $$aLERSSE-RefConfPaper-2016-003
000000314 100__ $$aHassan Halawa
000000314 245__ $$aHarvesting the Low-hanging Fruits: Defending Against Automated Large-Scale Cyber-Intrusions
by Focusing on the Vulnerable Population 
000000314 260__ $$c2016-09-29
000000314 300__ $$a12
000000314 520__ $$aThe orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic. Defenses generally focus on identifying the attacks/attackers (e.g., phishing emails, social-bot infiltrations, malware offered for download). To change the status quo, we propose to identify, even if imperfectly, the vulnerable user population, that is, the users that are likely to fall victim to such attacks. Once identified, information about the vulnerable population can be used in two ways. First, the vulnerable population can be influenced by the defender through several means including: education, specialized user experience, extra protection layers and watchdogs. In the same vein, information about the vulnerable population can ultimately be used to fine-tune and reprioritize defense mechanisms to offer differentiated protection, possibly at the cost of additional friction generated by the defense mechanism. Secondly, information about the user population can be used to identify an attack (or compromised users) based on differences between the general and the vulnerable population. This paper considers the implications of the proposed paradigm on existing defenses in three areas (phishing of user credentials, malware distribution and socialbot infiltration) and discusses how using knowledge of the vulnerable population can enable more robust defenses. 
000000314 6531_ $$aVulnerable population
000000314 6531_ $$aCyber intrusions
000000314 6531_ $$aDefense system design
000000314 700__ $$aKonstantin Beznosov
000000314 700__ $$aYazan Boshmaf
000000314 700__ $$aBaris Coskun
000000314 700__ $$aMatei Ripeanu
000000314 700__ $$aElizeu Santos-Neto
000000314 8560_ $$flersse-it@ece.ubc.ca
000000314 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/314/files/nspw2016_halawa.pdf
000000314 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/314/files/nspw2016_halawa.pdf?subformat=pdfa$$xpdfa
000000314 909C4 $$pIn Proceedings of the New Security Paradigms Workshop (NSPW), September 26-29, 2016, Granby, CO, USA.
000000314 980__ $$aRefConfPaper