Are Computer Focused Crimes Impacted by System Configurations? An Empirical Study

This paper describes an empirical study to assess whether computer-focused crimes are impacted by system configurations. The study relies on data collected over 30 days on a farm of target computers of various configurations (disk space, memory size, and bandwidth). In addition, some target computers included a warning sign. Following a brute-force attack on SSH, attackers randomly access one of these computer configurations and are allowed to use it for 30 days. We monitor network traffic and attackers' keystrokes to analyze the attack. This paper focuses specifically on the crime, i.e., the use of the computer to launch an attack against an external target. We define various computer-focused crime characteristics (i.e., whether the attack was destructive or not, whether the target was an opportunity or a choice, whether the attack was coordinated or not) and analyze whether the committed crime is significantly impacted by the system configuration.
