inferring user behaviors from log data for understanding
play

Inferring User Behaviors from Log Data for Understanding Computer - PowerPoint PPT Presentation

Sep 24, 2022 •458 likes •838 views

Inferring User Behaviors from Log Data for Understanding Computer Security Decisions Dr. Emilee Rader Department of Media and Information Michigan State University emilee@msu.edu | msu.edu/~emilee May 14, 2018 Socio-technical systems:

  1. Inferring User Behaviors from Log Data for Understanding Computer Security Decisions Dr. Emilee Rader Department of Media and Information Michigan State University emilee@msu.edu | msu.edu/~emilee May 14, 2018

  2. • Socio-technical systems: people * technology * information • “Black boxes”: opaque about how inputs become outputs • Three types of problems: 1. Privacy issues related to sensors and derived data - Emilee Rader and Janine Slaker. “The Importance of Visibility for Folk Theories of Sensor Data” SOUPS 2017 . https://www.usenix.org/system/ files/conference/soups2017/soups2017-rader.pdf 2. Algorithmic decision-making in social media (NSF Grant IIS-1217212) - Emilee Rader, Kelley Cotter and Janghee Cho. “Explanations as Mechanisms for Supporting Algorithmic Transparency”. CHI 2018. doi: 10.1145/3173574.3173677 3. Computer security decision-making about threats that are hard to be aware of and understand (NSF Grant CNS-1115926) - Rick Wash, Emilee Rader, and Chris Fennell. “Can People Self-Report Security Accurately? Agreement Between Self-Report and Behavioral Measures”. CHI 2017. doi: 10.1145/3025453.3025911 2

  3. Photo by Markus Spiske — https://www.pexels.com/photo/full-frame-shot-of-multi-colored-pattern-330771/

  4. Everyone faces security decisions on a daily basis… 4

  5. 4

  6. 4

  7. 4

  8. 4

  9. everyday computer users : people without training in computer science or security who use computing technology and the Internet

  10. A large proportion of attacks on the Internet target vulnerabilities in end users rather than vulnerabilities in technology ( Symantec ) The majority of computers are compromised using vulnerabilities for which a security update was available but had not yet been installed ( Microsoft )

  11. A system's security depends on the choices made by its users. 7

  12. One way to influence users’ choices is to influence what they know about security. 8

  13. receive mail with attachment. read and no security process mail. learning. no immediately visible e ff ect. open the attachment. 9 Adapted from: Marsick VJ, Watkins KE. Informal and incidental learning. New Dir Adult Contin Educ 2001; 25–34.

  14. 10 Source: http://www.pcworld.com/article/3042580/security/locky-ransomware-activity-ticks-up.html

  15. 11 Adapted from: Marsick VJ, Watkins KE. Informal and incidental learning. New Dir Adult Contin Educ 2001; 25–34.

  16. The challenge: how to connect what people think and know about security, with the outcomes of the choices they make! 12

  17. How did we study this? • Custom software development - Windows app (C# and PowerShell) - Web browser plugins for Firefox and Chrome (JavaScript) - Server software (PHP) - LOTS of analysis scripts (Python, MySQL, R) • Six-week data collection - 134 university students 
 (excluding CS and Engineering) - 53% Women, 46% Men - $70 compensation 13

  18. How did we study this? Custom Logging Participants Pre-Survey Post Survey Software 14

  20. Custom Web Browser Extensions • What is a browser extension, anyway? about 774,000 visits • Data we collected: to 300,000 di fg erent distinct URLs 14,000 downloads - all URLs visited 24,000 password entries - download events 150,000 browser add-ons - installed plugins and extensions - all passwords (hashed!) and the webpage visits they were associated with - from that we reconstructed browsing sessions • 16

  21. Custom Windows App • Windows can log a lot of stuff for developers… • We turned all those logs on and collected data from them: - all processes that ran on the participants’ computers - software installed 1.5 million installed applications - security settings 11 million processes run 120,000 wifi connections - wifi and firewall logs 70,000 windows updates installed - logon log - hardware and OS information - Windows (software) update information - crashes and shutdowns - and more… 17

  22. Server Software and Database • Why did we need a server application? - Link browser plugin data and windows app data with participant survey data - Process the data and store it in the database • Why a backend database? - Well, what’s the alternative? - Think about it as lots of spreadsheets that reference each other… 18

  23. Server Software and Database • Why did we need a server application? - Link browser plugin data and windows app data with participant survey data - Process the data and store it in the database • Why a backend database? - Well, what’s the alternative? - Think about it as lots of spreadsheets that reference each other… 18

  24. 25 23 20 20 19 17 Count of Subjects 15 12 11 10 8 7 5 5 4 2 2 1 1 1 1 0 0 5 10 15 Number of Passwords 19

  25. 20

  26. Privacy and Ethics Issues 21

  27. Informed Consent • IRB approval for “spyware” • Multiple users on a single machine • Giving people the ability to turn off the data collection • What is the right amount to compensate people? 22

  28. Privacy and Log Data • Logging browsing activity - sensitive activities - illegal activities • Logging passwords - risk of compromise - password reuse 23

  29. Privacy and Log Data • Logging Windows operating system data - software update state - installed software and versions - anti-virus installed, in use? - time spent doing certain activities 24

  30. Anonymization • "Data can be perfectly useful or perfectly anonymous but never both" —Paul Ohm • What does "identifiable" data look like? • What log data might be identifiable? • What might participants not want us to infer about them? 25

  31. Sharing and Reproducibility • Our dataset is a snapshot in time • Our custom software is brittle • Risk of re-identification • How to share code, datasets? • How to prevent unintended uses? • Long-term storage issues 26

  32. https://osf.io/m8svp/ 27

  33. What did we learn? Current technologies make it difficult for individuals to learn about security: • Automating the install of software updates makes it harder for people to learn how to make decisions about updates because there are fewer opportunities to learn [SOUPS 2014]. • More knowledge about security or technical issues is not associated with more secure behavior [SOUPS 2015]. • People can only accurately self-report security behaviors that are discrete and have visible outcomes [CHI 2017]. 28

  34. What did we learn? People generalize security learning from one system to other, technically unrelated systems: • Negative experiences with software updates create spillover, or a refusal to install even unrelated updates [CHI 2014]. • People re-use passwords they must enter frequently on many other websites, most likely because it is easiest to recall [SOUPS 2016]. 29

  35. References [CHI 2014] Vaniea, K., Rader, E., and Wash, R. “Betrayed By Updates: How Negative Experiences Affect Future Security”. DOI: 10.1145/2556288.2557275 [SOUPS 2014] Wash, R., Rader, E., Vaniea, K, and Rizor, M. “Out of the Loop: How Automated Software Updates Cause Unintended Security Consequences”. https://www.usenix.org/system/files/soups14-paper-wash.pdf [SOUPS 2015] Wash R. and Rader, E. “Too Much Knowledge? Security Beliefs and Protective Behaviors Among US Internet Users”. https://www.usenix.org/ system/files/conference/soups2015/soups15-paper-wash.pdf [SOUPS 2016] Wash, R., Rader, E., Berman, R., and Wellmer, Z. “Understanding Password Choices: How Frequently Entered Passwords are Re-used Across Websites”. https://www.usenix.org/system/files/conference/soups2016/ soups2016-paper-wash.pdf [CHI 2017] Wash, R., Rader, E., and Fennell, C. “Can People Self-Report Security Accurately? Agreement Between Self-Report and Behavioral Measures”. DOI: 10.1145/3025453.3025911 30

  36. How did I learn to do all this stuff? • A long time ago, I took a couple of programming courses • To learn, I relied a LOT on code other people had written • Worked with (or near!) people who knew more than me and asked a LOT of questions • Came up with projects that were interesting enough to me that I needed to learn these things • Made a lot of mistakes, learned from them, got better • A lot of this is learning about how to organize the work and what I should do myself vs. what I should hire or find collaborators to do… 31

  37. Thank you! Dr. Emilee Rader Department of Media and Information Michigan State University emilee@msu.edu | msu.edu/~emilee This material is based upon work supported by the National Science Foundation under Grants CNS-1115926, CNS-1116544 Special thanks to collaborators and co-authors on this work: Rick Wash, Brandon Brooks, Nate Zemanek, Chris Fennell, Kami Vaniea, Michelle Rizor, Katie Hoban, and the rest of the BITLab team.

Recommend

social media studies Understanding content, user behaviors and information diffusion Emilio

social media studies Understanding content, user behaviors and information diffusion Emilio

Research frontiers in online social media studies Understanding content, user behaviors and information diffusion Emilio Ferrara Center for Complex Networks and Systems Research School of Informatics and Computing Indiana University

517 views • 26 slides
A data-centered approach to understanding quantum behaviors in materials Lucas K. Wagner

A data-centered approach to understanding quantum behaviors in materials Lucas K. Wagner

A data-centered approach to understanding quantum behaviors in materials Lucas K. Wagner Department of Physics Institute for Condensed Matter Theory National Center for Supercomputing Applications University of Illinois at Urbana-Champaign

296 views • 28 slides
ABA AS A TOOL TO MANAGE PROBLEM BEHAVIORS: A PRACTICAL APPROACH TO UNDERSTANDING CHALLENGING

ABA AS A TOOL TO MANAGE PROBLEM BEHAVIORS: A PRACTICAL APPROACH TO UNDERSTANDING CHALLENGING

ABA AS A TOOL TO MANAGE PROBLEM BEHAVIORS: A PRACTICAL APPROACH TO UNDERSTANDING CHALLENGING BEHAVIORS South Pasadena 5 th Annual Special Needs Conference Nancy Goldstein & Ellie Morrissey, SPUSD Goals for Todays Workshop Review

469 views • 31 slides
Inferring User Intent for Learning by Observation Kevin R. Dixon krd@cs.cmu.edu Department of

Inferring User Intent for Learning by Observation Kevin R. Dixon krd@cs.cmu.edu Department of

Carnegie Mellon Inferring User Intent for Learning by Observation Kevin R. Dixon krd@cs.cmu.edu Department of Electrical & Computer Engineering Carnegie Mellon University 2004-01-23, Inferring User Intent for LBO p.1 Carnegie Mellon

1.27k views • 125 slides
20-03-06 7. Learning Sequences/Behaviors How to use sequences/behaviors? Sequences and more

20-03-06 7. Learning Sequences/Behaviors How to use sequences/behaviors? Sequences and more

20-03-06 7. Learning Sequences/Behaviors How to use sequences/behaviors? Sequences and more generally behaviors are about Sequences are used integrating the concept of time into what is learned. In } to analyze time dependent data general,

298 views • 6 slides
From Dirt to Shovels: From Dirt to Shovels: Inferring PADS descriptions from ASCII Data ASCII

From Dirt to Shovels: From Dirt to Shovels: Inferring PADS descriptions from ASCII Data ASCII

From Dirt to Shovels: From Dirt to Shovels: Inferring PADS descriptions from ASCII Data ASCII Data Inferring PADS descriptions from Kathleen Fisher David Walker Peter White Kenny Zhu July 2007 Data,Data,everywhere! Data,Data,everywhere!

632 views • 46 slides
Understanding Behaviors of Attendance in Supplemental Instruction and Subsequent Academic

Understanding Behaviors of Attendance in Supplemental Instruction and Subsequent Academic

Understanding Behaviors of Attendance in Supplemental Instruction and Subsequent Academic Success in a First Year Engineering Course Nisha Abraham & Nina Telang The University of Texas at Austin In this Presentation Introduction to

420 views • 26 slides
Inferring User Routes and Locations using Zero-Permission Mobile Sensors Sashank Narain, Triet D.

Inferring User Routes and Locations using Zero-Permission Mobile Sensors Sashank Narain, Triet D.

Inferring User Routes and Locations using Zero-Permission Mobile Sensors Sashank Narain, Triet D. Vo-Huu, Kenneth Block and Guevara Noubir College of Computer and Information Science Northeastern University, Boston, MA Motivation Leakage

423 views • 18 slides
Understanding and Aiding Code Evolution by Inferring Change Patterns Miryung Kim Doctoral

Understanding and Aiding Code Evolution by Inferring Change Patterns Miryung Kim Doctoral

Understanding and Aiding Code Evolution by Inferring Change Patterns Miryung Kim Doctoral Symposium ICSE 2007 1. Title: Understand & Aiding Code Evolution by Inferring Change Patterns. (30 sec) My name is Miryung Kim & I am a graduate

571 views • 17 slides
Understanding patients: Participatory approaches for the user evaluation of vital data

Understanding patients: Participatory approaches for the user evaluation of vital data

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/234826665 Understanding patients: Participatory approaches for the user evaluation of vital data presentation Article in ACM SIGCAPH

340 views • 8 slides
Learning from Shadow Security: Why understanding non-compliant behaviors provides the basis

Learning from Shadow Security: Why understanding non-compliant behaviors provides the basis

Learning from Shadow Security: Why understanding non-compliant behaviors provides the basis for effective security USEC 2014, San Diego, USA February 23 rd , 2014 Iacovos Kirlappos Simon Parkin M. Angela Sasse University College London

704 views • 27 slides
from Functional Data-Parallel Programs Inferring data distributions using types Tristan

from Functional Data-Parallel Programs Inferring data distributions using types Tristan

Synthesizing MPI Implementations from Functional Data-Parallel Programs Inferring data distributions using types Tristan Aubrey-Jones Bernd Fischer People need to program distributed memory architectures: GPUs Server farms/compute clusters

364 views • 32 slides
Understanding the Implications of Recommender Systems on Our Views and Behaviors Gedas Adomavicius

Understanding the Implications of Recommender Systems on Our Views and Behaviors Gedas Adomavicius

Understanding the Implications of Recommender Systems on Our Views and Behaviors Gedas Adomavicius University of Minnesota Joint work with Jesse Bockstedt, Shawn Curley, Jingjing Zhang 2 1 Recommender Systems: Feedback Loop Predicted Ratings

382 views • 34 slides
Toward an understanding of residential water conservation behaviors on Oahu Daniele Spirandelli

Toward an understanding of residential water conservation behaviors on Oahu Daniele Spirandelli

Toward an understanding of residential water conservation behaviors on Oahu Daniele Spirandelli 1,4 , Michael Roberts 2,3,4 , Kim Burnett 3 , Christopher Wada 3 , Theresa Dean 1 1 Department of Urban and Regional Planning 2 Department of

580 views • 27 slides
Understanding Storage I/O Behaviors of Mobile Applications Jace Courville Feng Chen

Understanding Storage I/O Behaviors of Mobile Applications Jace Courville Feng Chen

Understanding Storage I/O Behaviors of Mobile Applications Jace Courville Feng Chen jcourv@csc.lsu.edu fchen@csc.lsu.edu Louisiana State University Department of Computer Science and Engineering The Rise of

371 views • 24 slides
Inferring Datatypes Ningning Xie HIW 2019.08.23 data Maybe a = Nothing | Just a data List a = Nil

Inferring Datatypes Ningning Xie HIW 2019.08.23 data Maybe a = Nothing | Just a data List a = Nil

Inferring Datatypes Ningning Xie HIW 2019.08.23 data Maybe a = Nothing | Just a data List a = Nil | Cons a ( List a) data Either a b = Left a | Right b Wh Which da datatype ype de declarations ns sh should be e ac accepted? Wh What ki

842 views • 30 slides
Inferring Restaurant Styles by Mining Crowd Sourced Photos from User-Review Websites Haofu Liao,

Inferring Restaurant Styles by Mining Crowd Sourced Photos from User-Review Websites Haofu Liao,

@IEEE BigData 2016 Inferring Restaurant Styles by Mining Crowd Sourced Photos from User-Review Websites Haofu Liao, Yuncheng Li, Tianran Hu and Jiebo Luo Department of Computer Science UNIVERSITY of ROCHESTER Part I - The Problem UNIVERSITY

617 views • 25 slides
FROM PUBLIC AWARENESS TO ACTION Understanding Target Groups Behaviors and Influencers Ralph

FROM PUBLIC AWARENESS TO ACTION Understanding Target Groups Behaviors and Influencers Ralph

FROM PUBLIC AWARENESS TO ACTION Understanding Target Groups Behaviors and Influencers Ralph Guzman Vice President Guthrie-Jensen Consultants Manila, Philippines ralph@guthriejensen.com 2 3 4 5 6 Trying to please everybody is

987 views • 64 slides
Inferring the Purposes of Network Tra ffi c in Mobile Apps Who (which app) sends the data? Where

Inferring the Purposes of Network Tra ffi c in Mobile Apps Who (which app) sends the data? Where

Inferring the Purposes of Network Tra ffi c in Mobile Apps Who (which app) sends the data? Where the data is being sent to? What data is being collected? Why the data is being collected? Haojian Jin , Minyi Liu, Yuanchun Li, Gaurav Srivastava,

848 views • 63 slides
GeoEcho: Inferring User Interests from Geotag Reports in Network Traffic Ning Xia (Northwestern

GeoEcho: Inferring User Interests from Geotag Reports in Network Traffic Ning Xia (Northwestern

GeoEcho: Inferring User Interests from Geotag Reports in Network Traffic Ning Xia (Northwestern University) Stanislav Miskovic (Narus Inc.) Mario Baldi (Narus Inc.) Aleksandar Kuzmanovic (Northwestern University) Antonio Nucci (Narus Inc.)

418 views • 19 slides
WOMBAT: towards a Worldwide Observatory of Malicious Behaviors and Attack Threats Fabien Pouget

WOMBAT: towards a Worldwide Observatory of Malicious Behaviors and Attack Threats Fabien Pouget

WOMBAT: towards a Worldwide Observatory of Malicious Behaviors and Attack Threats Fabien Pouget Institut Eurcom January 24th 2006 TF-CSIRT 2006 Observations There is a lack of valid and available data The understanding of Internet

778 views • 49 slides
Inferring User Demographics and Social Strategies in Mobile Social Networks Yuxiao Dong #

Inferring User Demographics and Social Strategies in Mobile Social Networks Yuxiao Dong #

Inferring User Demographics and Social Strategies in Mobile Social Networks Yuxiao Dong # , Yang Yang + , Jie Tang + , Yang Yang # , Nitesh V. Chawla # # University of Notre Dame + Tsinghua University 1 Did you know: As of 2014, there are

484 views • 46 slides
On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies

On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies

On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies Internet Routing Policies Feng Wang Lixin Gao Department of Electrical and Computer Engineering University of Massachusetts, Amherst MA 01002, USA 1

450 views • 18 slides
Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why should you care? How to detect Spam? 2 What is Spam? What is Spam? All forms of malicious manipulation of user generated data so as to

943 views • 56 slides

More recommend