论文信息 - Survey of Non-malicious User Actions that Introduce Network and System Vulnerabilities and Exploits

Survey of Non-malicious User Actions that Introduce Network and System Vulnerabilities and Exploits

Security is a growing concern in modern computer networks. Despite the implementation of significant security measures, a network can still be exposed to attackers by the actions of its users. Both attackers and penetration testers use social engineering tactics to exploit the mistakes made by users. For example, a user being tricked into clicking on a malicious link in a phishing email. Network security administrators seek ways to prevent intrusion into the network initiated by users performing such risky actions, and use methodologies to detect and respond safely when those actions occur. If we were able to simulate these user actions in a controlled network, it would help prepare networks to be sufficiently hardened to prevent exposure. The goal of this paper is to seek out different ways users create vulnerabilities, and use that information to determine the feasibility of replicating them in a network as semi-autonomous agents for evaluating security. We seek to determine existing research on network breaches caused by unwitting-users, the common and current exploits attackers use to trick users, and the mitigations that can prevent intrusion into the network.

Aidan F. Browne | Stacey Watson | Anibal Robles | Jarrod Norris

[1] Sonia Chiasson,et al. Why phishing still works: User strategies for combating phishing attacks , 2015, Int. J. Hum. Comput. Stud..

[2] Raymond Gozzi. A Brief History of Internet Time , 2002 .

[3] Adrienne Porter Felt,et al. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness , 2013, USENIX Security Symposium.

[4] Adrian Perrig,et al. Phoolproof Phishing Prevention , 2006, Financial Cryptography.

[5] 윤한수,et al. 초소형 Telemetry 개발 , 2011 .

[6] Ray Hunt,et al. A taxonomy of network and computer attacks , 2005, Comput. Secur..

[7] G. Stoneburner,et al. Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .

[8] Marti A. Hearst,et al. Why phishing works , 2006, CHI.

[9] Lorrie Faith Cranor,et al. Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish , 2007, SOUPS '07.

[10] Vinton G. Cerf,et al. A brief history of the internet , 1999, CCRV.

[11] Laura A. Dabbish,et al. "My Data Just Goes Everywhere: " User Mental Models of the Internet and Implications for Privacy and Security , 2015, SOUPS.

[12] Shudong Zhou. Virtual networking , 2010, OPSR.