PeerSec: Towards Peer Production and Crowdsourcing for Enhanced Security

Peer production and crowdsourcing have been widely implemented to create various types of goods and services. Although successful examples such as Linux and Wikipedia have been established in other domains, experts have paid little attention to peer-produced systems in computer security beyond collaborative recommender and intrusion detection systems. In this paper we present a new approach for security system design targeting a set of non-technical, self-organized communities. We argue that, unlike many current security implementations (which suffer from low rates of adoption), a security community characterized by peer production would give individuals greater incentives to participate. A specific design framework for peer production and crowdsourcing is introduced. One high-level security scenario (on mitigation of insider threats) is then provided as an example implementation. Defeating the insider threat was chosen as the example because it has been framed as a strictly (and inherently) firm-produced good. We argue that the use of peer production and crowdsourcing will increase network security in the aggregate.
