Academic Commons

Chapters (Layout Features)

Measuring Drive-by Download Defense in Depth

Boggs, Nathaniel Gordon; Du, Senyao; Stolfo, Salvatore

Defense in depth is vital as no single security product detects all of today’s attacks. To design defense in depth organizations rely on best practices and isolated product reviews with no way to determine the marginal benefit of additional security products. We propose empirically testing security products’ detection rates by linking multiple pieces of data such as network traffic, executable files, and an email to the attack that generated all the data. This allows us to directly compare diverse security products and to compute the increase in total detection rate gained by adding a security product to a defense in depth strategy not just its stand alone detection rate. This approach provides an automated means of evaluating risks and the security posture of alternative security architectures. We perform an experiment implementing this approach for real drive-by download attacks found in a real time email spam feed and compare over 40 security products and human click-through rates by linking email, URL, network content, and executable file attack data.

Files

  • thumnail for boggs_driveby_paper81.pdf boggs_driveby_paper81.pdf application/pdf 1.51 MB Download File

Also Published In

Title
Research in Attacks, Intrusions and Defenses: 17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17-19, 2014. Proceedings
Publisher
Springer
DOI
https://doi.org/10.1007/978-3-319-11379-1_9

More About This Work

Academic Units
Computer Science
Published Here
May 9, 2016
Academic Commons provides global access to research and scholarship produced at Columbia University, Barnard College, Teachers College, Union Theological Seminary and Jewish Theological Seminary. Academic Commons is managed by the Columbia University Libraries.