Security Analytics: Bridging large-scale data collection and analysis with human factors to design better defenses

Abstract

In this talk, I will argue that understanding incentives of both attackers and targets has become critical to strengthening online security. I will advocate the need for an interdisciplinary research agenda, ranging from network measurements and large-scale data analysis to human factor modeling. Using case studies (online sale of unlicensed pharmaceutical drugs, and anonymous marketplaces), I will first describe how longitudinal, large-scale measurements and data analysis reveal important economic and structural properties of a priori complex criminal ecosystems. I will then discuss how these structural properties can be used to design successful interventions, both from a policy and from a technical angle. On the policy side, I will show that our criminal ecosystem analysis evidences "concentration points," whose disruption could effectively hamper illicit operations. On the technical side, I will demonstrate how we can use adversaries' incentives to design and build systems that can proactively identify future attack targets. I will conclude by outlining a roadmap for security research combining measurements, mathematical modeling and behavioral aspects.