A Case-Control Study to Measure Behavioral Risks of Malware Encounters in Organizations

Marcello Meschini, Giorgio Di Tizio, Marco Balduzzi, Fabio Massacci*

*Corresponding author for this work

Research output: Contribution to Journal / Article / Academic / peer-review

Abstract

The behavior of enterprise users (e.g. browsing at night or visiting gambling sites) is a potential factor that might increase the chances of malware encounters (e.g. coinminers vs ransomware) in the field. We report a case-control study on telemetry data collected by Trend Micro, a global cybersecurity vendor, to identify users' behavioral characteristics that can be used to differentiate cybersecurity risk profiles. Our results show that different types of 'patients zero' are vulnerable to different types of epidemics. The odds ratio of encountering malware such as PUAs, trojans, and hacktools is higher for a variety of network and system behaviors (e.g. number, types, and diversity of visited web sites, visits to gambling sites, etc.) but it is not significant for other factors such as browsing at night. Other types of malware, such as coinminers, show an increase in the odds ratio only for a few types of factors (e.g. gambling web sites). We also present a specific methodology tailored for investigating self-propagating malware such as ransomware, in which one is infected by one's neighbor. With this approach, we observed a more accurate characterization of the odds of encountering ransomware based on system-based behaviors than with a standard case-control study setup. Experiments with different vendors may be needed to generalize the results and offset potential bias due to differences in market share.

Original language: English
Pages (from-to): 9419-9432
Number of pages: 14
Journal: IEEE Transactions on Information Forensics and Security
Volume: 19
Early online date: 10 Sept 2024
Publication status: Published - 2024

Bibliographical note

Publisher Copyright:
© 2005-2012 IEEE.

Funding

Funders | Funder number
HEWSTI |
European Commission | 952647, 101120393
Nederlandse Organisatie voor Wetenschappelijk Onderzoek | n.NWA-1215.18.006, n.KICH1.VE01.20.004

Keywords

• case-control study
• Malware
• risk factors
