Abstract
The behavior of enterprise users (e.g. browsing at night or visiting gambling sites) is a potential factor that might increase the chances of malware encounters (e.g. coinminers vs ransomware) in the field. We report a case-control study on telemetry data collected by Trend Micro, a global cybersecurity vendor, to identify users' behavioral characteristics that can be used to differentiate cybersecurity risk profiles. Our results show that different types of 'patients zero' are vulnerable to different types of epidemics. The odds ratio of encountering malware such as PUAs, trojans, and hacktools is higher for a variety of network and system behaviors (e.g. number, types, and diversity of visited web sites, visits to gambling sites, etc.) but it is not significant for other factors such as browsing at night. Other types of malware, such as coinminers, show an increase in the odds ratio only for a few types of factors (e.g. gambling web sites). We also present a specific methodology tailored for investigating self-propagating malware such as ransomware, in which one is infected by one's neighbor. With this approach, we observed a more accurate characterization of the odds of encountering ransomware based on system-based behaviors than with a standard case-control study setup. Experiments with different vendors may be needed to generalize the results and offset potential bias due to differences in market share.
Original language | English |
---|---|
Pages (from-to) | 9419-9432 |
Number of pages | 14 |
Journal | IEEE Transactions on Information Forensics and Security |
Volume | 19 |
Early online date | 10 Sept 2024 |
Publication status | Published - 2024 |
Bibliographical note
Publisher Copyright: © 2005-2012 IEEE.
Funding
Funders | Funder number |
---|---|
HEWSTI | |
European Commission | 952647, 101120393 |
Nederlandse Organisatie voor Wetenschappelijk Onderzoek | n.NWA-1215.18.006, n.KICH1.VE01.20.004 |
Keywords
- case-control study
- Malware
- risk factors