Insights into user behavior in dealing with common Internet attacks

buir.advisor: Selçuk, Ali Aydın
dc.contributor.author: Yılmaz, Utku Ozan
dc.department: Department of Computer Engineering
dc.description: Ankara : The Department of Computer Engineering and the Graduate School of Engineering and Science of Bilkent University, 2011.
dc.description: Thesis (Master's) -- Bilkent University, 2011.
dc.description: Includes bibliographical references leaves 45-50.
dc.description.abstract: The Internet’s immense popularity has made it an attractive medium for attackers. Today, criminals often make illegal profits by targeting Internet users. Most common Internet attacks require some form of user interaction such as clicking on an exploit link, or dismissing a security warning dialogue. Hence, the security problem at hand is not only a technical one, but it also has a strong human aspect. Although the security community has proposed many technical solutions to mitigate common Internet attacks, the behavior of users when they face these attacks remains a largely unexplored area. In this work, we describe an online experiment platform we built for testing the behavior of users when they are confronted with common, concrete attack scenarios such as reflected cross-site scripting, session fixation, scareware and file sharing scams. We conducted experiments with more than 160 Internet users with diverse backgrounds. Our findings show that non-technical users can exhibit comparable performance to knowledgeable users at averting relatively simple and well-known threats (e.g., email scams). While doing so, they do not consciously perceive the risk, but solely depend on their intuition and past experience (i.e., there is a training effect). However, in more sophisticated attacks, these non-technical users often rely on misleading cues such as the “size” and “length” of artifacts (e.g., URLs), and fail to protect themselves. Our findings also show that trick banners that are common in file sharing websites and shortened URLs have high success rates of deceiving non-technical users, thus posing a severe security risk.
dc.description.statementofresponsibility: Yılmaz, Utku Ozan
dc.format.extent: ix, 50 leaves, tables
dc.publisher: Bilkent University
dc.subject: Simulated attacks
dc.subject: Internet security
dc.subject: User behavior
dc.subject.lcc: QA76.9.A25 Y55 2011
dc.subject.lcsh: Computer security.
dc.subject.lcsh: Internet--Security measures.
dc.subject.lcsh: Computer crimes--Investigation.
dc.title: Insights into user behavior in dealing with common Internet attacks