Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Dynamic application-layer protocol analysis for network intrusion detection
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Filtering spam with behavioral blacklisting
Proceedings of the 14th ACM conference on Computer and communications security
Enriching network security analysis with time travel
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Analysis of Computer Infection Risk Factors Based on Customer Network Usage
SECURWARE '08 Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies
SS'08 Proceedings of the 17th conference on Security symposium
A Survey of Botnet Technology and Defenses
CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
On dominant characteristics of residential broadband internet traffic
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Detecting spammers with SNARE: spatio-temporal network-level automatic reputation engine
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
A probabilistic population study of the Conficker-C botnet
PAM'10 Proceedings of the 11th international conference on Passive and active measurement
NAT usage in residential broadband networks
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
Computing security in the developing world: a case for multidisciplinary research
NSDR '11 Proceedings of the 5th ACM workshop on Networked systems for developing regions
PhishLive: a view of phishing and malware attacks from an edge router
PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
Hi-index | 0.00 |
While conventional wisdom holds that residential users experience a high degree of compromise and infection, this presumption has seen little validation in the way of an in-depth study. In this paper we present a first step towards an assessment based on monitoring network activity (anonymized for user privacy) of 20,000 residential DSL customers in a European urban area, roughly 1,000 users of a community network in rural India, and several thousand dormitory users at a large US university. Our study focuses on security issues that overtly manifest in such data sets, such as scanning, spamming, payload signatures, and contact to botnet rendezvous points. We analyze the relationship between overt manifestations of such activity versus the "security hygiene" of the user populations (anti-virus and OS software updates) and potential risky behavior (accessing blacklisted URLs). We find that hygiene has little correlation with observed behavior, but risky behavior--which is quite prevalent--more than doubles the likelihood that a system will manifest security issues.