dc.contributor.advisor | Selçuk, Ali Aydın | |
dc.contributor.author | Yılmaz, Utku Ozan | |
dc.date.accessioned | 2016-01-08T18:24:20Z | |
dc.date.available | 2016-01-08T18:24:20Z | |
dc.date.issued | 2011 | |
dc.identifier.uri | http://hdl.handle.net/11693/15769 | |
dc.description | Ankara : The Department of Computer Engineering and the Graduate School of Engineering and Science of Bilkent University, 2011. | en_US |
dc.description | Thesis (Master's) -- Bilkent University, 2011. | en_US |
dc.description | Includes bibliographical references leaves 45-50. | en_US |
dc.description.abstract | The Internet’s immense popularity has made it an attractive medium for attackers.
Today, criminals often make illegal profits by targeting Internet users. Most
common Internet attacks require some form of user interaction such as clicking
on an exploit link, or dismissing a security warning dialogue. Hence, the security
problem at hand is not only a technical one, but it also has a strong human
aspect. Although the security community has proposed many technical solutions
to mitigate common Internet attacks, the behavior of users when they face these
attacks remains a largely unexplored area.
In this work, we describe an online experiment platform we built for testing
the behavior of users when they are confronted with common, concrete attack
scenarios such as reflected cross-site scripting, session fixation, scareware and
file sharing scams. We conducted experiments with more than 160 Internet users
with diverse backgrounds. Our findings show that non-technical users can exhibit
comparable performance to knowledgeable users at averting relatively simple and
well-known threats (e.g., email scams). While doing so, they do not consciously
perceive the risk, but solely depend on their intuition and past experience (i.e.,
there is a training effect). However, in more sophisticated attacks, these non-technical
users often rely on misleading cues such as the “size” and “length” of
artifacts (e.g., URLs), and fail to protect themselves. Our findings also show that
trick banners that are common in file sharing websites and shortened URLs have
high success rates of deceiving non-technical users, thus posing a severe security
risk. | en_US |
dc.description.statementofresponsibility | Yılmaz, Utku Ozan | en_US |
dc.format.extent | ix, 50 leaves, tables | en_US |
dc.language.iso | English | en_US |
dc.rights | info:eu-repo/semantics/openAccess | en_US |
dc.subject | Simulated attacks | en_US |
dc.subject | Internet security | en_US |
dc.subject | User behavior | en_US |
dc.subject.lcc | QA76.9.A25 Y55 2011 | en_US |
dc.subject.lcsh | Computer security. | en_US |
dc.subject.lcsh | Internet--Security measures. | en_US |
dc.subject.lcsh | Computer crimes--Investigation. | en_US |
dc.title | Insights into user behavior in dealing with common Internet attacks | en_US |
dc.type | Thesis | en_US |
dc.department | Department of Computer Engineering | en_US |
dc.publisher | Bilkent University | en_US |
dc.description.degree | M.S. | en_US |
dc.identifier.itemid | B123604 | |