An Assessment of Overt Malicious Activity Manifest in Residential Networks

Abstract

While conventional wisdom holds that residential users experience a high degree of compromise and infection, this presumption has seen little validation in the way of an in-depth study. In this paper we present a first step towards an assessment based on monitoring network activity (anonymized for user privacy) of 20,000 residential DSL customers in a European urban area, roughly 1,000 users of a community network in rural India, and several thousand dormitory users at a large US university. Our study focuses on security issues that overtly manifest in such data sets, such as scanning, spamming, payload signatures, and contact to botnet rendezvous points. We analyze the relationship between overt manifestations of such activity versus the "security hygiene" of the user populations (anti-virus and OS software updates) and potential risky behavior (accessing blacklisted URLs). We find that hygiene has little correlation with observed behavior, but risky behavior--which is quite prevalent--more than doubles the likelihood that a system will manifest security issues.

Document Details

  • Document Type: Technical Report
  • Publication Date: Jul 07, 2011
  • Accession Number: ADA583956

Entities

People

  • Anja Feldmann
  • Gregor Maier
  • Matthias Vallentin
  • Robin Sommer
  • Vern Paxson

Organizations

  • University of California Regents

Tags

DTIC Thesaurus Topics

  • Anti-Virus Software
  • Application Protocols
  • Computers
  • Cybersecurity
  • Data Sets
  • Detection
  • Detectors
  • Electronic Mail
  • Internet
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Operating Systems
  • Port Scanners
  • Probability
  • Urban Areas
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Theoretical Analysis
  • Urban Planning and Geography