The domino effect of password reuse
Communications of the ACM - Human-computer etiquette
Strategies for sound internet measurement
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Extending the Linear Model with R (Texts in Statistical Science)
Extending the Linear Model with R (Texts in Statistical Science)
Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish
Proceedings of the 3rd symposium on Usable privacy and security
Communications of the ACM
An inquiry into the nature and causes of the wealth of internet miscreants
Proceedings of the 14th ACM conference on Computer and communications security
Spamalytics: an empirical analysis of spam marketing conversion
Proceedings of the 15th ACM conference on Computer and communications security
School of phish: a real-world evaluation of anti-phishing training
Proceedings of the 5th Symposium on Usable Privacy and Security
Your botnet is my botnet: analysis of a botnet takeover
Proceedings of the 16th ACM conference on Computer and communications security
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Teaching Johnny not to fall for phish
ACM Transactions on Internet Technology (TOIT)
Learning more about the underground economy: a case-study of keyloggers and dropzones
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Testing metrics for password creation policies by attacking large sets of revealed passwords
Proceedings of the 17th ACM conference on Computer and communications security
Analysis of Credential Stealing Attacks in an Open Networked Environment
NSS '10 Proceedings of the 2010 Fourth International Conference on Network and System Security
Using Fingerprint Authentication to Reduce System Security: An Empirical Study
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Measuring pay-per-install: the commoditization of malware distribution
SEC'11 Proceedings of the 20th USENIX conference on Security
Safeguarding academic accounts and resources with the University Credential Abuse Auditing System
DSN '12 Proceedings of the 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
| Hi-index | 0.00 |
The rapid evolution of threat ecosystems and the shifting focus of adversarial actions complicate efforts to assure security of an organization's computer networks. Efforts to build a rigorous science of security, one consisting of sound and reproducible empirical evaluations, start with measures of these threats, their impacts, and the factors that influence both attackers and victims. In this study, we present a careful examination of the issue of account compromise at two large academic institutions. In particular, we evaluate different hypotheses that capture common perceptions about factors influencing victims (e.g., demographics, location, behavior) and about the effectiveness of mitigation efforts (e.g., policy, education). While we present specific and sometimes surprising results of this analysis at our institutions, our goal is to highlight the need for similar in-depth studies elsewhere.