1. The public health analogy in Web security
- Author
-
Fryer, Huw and Chown, Tim
- Subjects
005.8 - Abstract
Traditional law enforcement methods have proven inadequate against the current levels of cybercrime we are experiencing. This is due to the ease of automating attacks, and also that even a single jurisdiction prepared to ignore or unable to prosecute cybercriminals mean that they are usually beyond the reach of local law enforcement. This has led to different analogies to attempt to describe the phenomenon, and one of these is that of public health. In the past, this was used to describe the propagation methods of computer 'viruses', which exhibited similar characteristics to biological viruses. Whilst other malware also had a similar propagation pattern, these no longer apply given the popularity of drive-by downloads, where Web pages attack users who visit them. A consequence of this new method of propagation is that 'infected' machines do not have any contagion, so one infected machine on a network does not mean that another machine on the network will become infected as well. This thesis proposes a novel interpretation of the public health analogy, which focuses on the notions of efficacy and rights, so that these guidelines can continue to be used. This is considered in the context of the major stakeholders who could intervene in the drive-by download process, where it is concluded that hosting providers are best placed to intervene to make a difference. It is proposed that they should proactively search for vulnerable websites they host, and warn the operator, implementing blocking procedures if the operator does not respond. An agent based model is then used to assess the efficacy of such an intervention.
- Published
- 2016