Software updates as a security metric: Passive identification of update trends and effect on machine infection

Botnets have become a vital part of the underground economy, and botherders are actively looking for new recruits to join their bot armies. A lapse by an end user or an administrator in updating their software enables the botherder to achieve this objective. In this paper we investigate the phenomenon of machine infection from the perspective of user update behavior. We also present the types of attacks that hackers launch to compromise machines and the vulnerabilities that lead to such attacks as a result of update behavior. We also characterize the user update behavior on the test network under study. Finally, we compare the update behavior of machines that were infected with that of machines that were not infected. The objective of this investigation is to see whether update behavior could be used as an effective security metric. Our trends show that there is a very clear correlation between the machines that were infected and the machines that were not updated.
