2014 Articles
Measuring Drive-by Download Defense in Depth
Defense in depth is vital as no single security product detects all of today’s attacks. To design defense in depth organizations rely on best practices and isolated product reviews with no way to determine the marginal benefit of additional security products. We propose empirically testing security products’ detection rates by linking multiple pieces of data such as network traffic, executable files, and an email to the attack that generated all the data. This allows us to directly compare diverse security products and to compute the increase in total detection rate gained by adding a security product to a defense in depth strategy not just its stand alone detection rate. This approach provides an automated means of evaluating risks and the security posture of alternative security architectures. We perform an experiment implementing this approach for real drive-by download attacks found in a real time email spam feed and compare over 40 security products and human click-through rates by linking email, URL, network content, and executable file attack data.
Subjects
Files
- boggs_driveby_paper81.pdf application/pdf 1.51 MB Download File
Also Published In
- Title
- Research in Attacks, Intrusions and Defenses 17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17-19, 2014, Proceedings
- Publisher
- Springer
More About This Work
- Academic Units
- Computer Science
- Published Here
- July 15, 2015
Notes
Presented at the 17th International Symposium on Research in Attacks, Intrusions and Defenses; RAID 2014; 2014/09/17