Case-control studies and cybercrime Tyler Moore Computer Science - - PDF document

case control studies and cybercrime
SMART_READER_LITE
LIVE PREVIEW

Case-control studies and cybercrime Tyler Moore Computer Science - - PDF document

Dec 12, 2023 237 likes •284 views

Notes Case-control studies and cybercrime Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX Lecture 14 Guide to analyzing data Notes Type of Data Exploration Statistics RByEx ecdf(br$logbreach)

slide-1
SLIDE 1

Case-control studies and cybercrime

Tyler Moore

Computer Science & Engineering Department, SMU, Dallas, TX

Lecture 14

Guide to analyzing data

Type of Data Exploration Statistics RByEx 1 numerical variable

2 4 6 8 0.0 0.4 0.8 ecdf(br$logbreach) x Fn(x) 2 4 6 8 log(#records breached)

  • ne way t-test, Wilcox test

6.3 1 categorical variable

CARD HACK PHYS STAT 400 800

– 3.1 # categories=2 – prop.test 6.2 1 categorical, 1 numerical

  • BSF

EDU 2 4 6 8 Organization Type log(#records breached) 2 4 6 8 FALSE TRUE log(#records breached) Breach type

  • anova, Permutation

10 # categories=2 – 2-way t, Wilcox test, Perm. 6.4 2 categorical variables

TOH

BSF BSO BSR EDU GOV MED NGO CARD DISC HACK INSD PHYS PORT STAT UNKN

χ2 test 3.2–3.5

2 / 13

Identifying risk factors in epidemiology

3 / 13

Case-control studies and cybercrime

In a perfect world, we could measure security using randomized controlled experiments similar to medicine But most security data is observational – we can’t select subjects and apply treatments to a subset Instead, we can observe that some targets are victimized, while other vulnerable targets are not Crucially, this observation happens after the fact (if at all) Case-control study method is ideal for identifying risk factors when all you have is observational data

4 / 13

Notes Notes Notes Notes

slide-2
SLIDE 2

Case-control study design

Population Case Control Exposed Not Exposed Exposed Not Exposed Present Past

5 / 13

Case-control study design: smoking and lung cancer

Population: Doctors Case: Lung Cancer Control: No Lung Cancer Exposed: Smoker Not Exposed: Non-smoker Exposed: Smoker Not Exposed: Non-smoker Present Past

6 / 13

The odds ratio

Case (afflicted) Control (not afflicted) Exposed (has risk factor) p11 p10 Not exposed (no risk factor) p01 p00

  • dd’s ratio = p11 ∗ p00

p10 ∗ p01

7 / 13

Case-control study: spear phishing and academic specialty

Population: Malware spam recipients Case: Targeted email Control: Un- targeted email Exposed: Aca- demic Subject Not Exposed: Other Subjects Exposed: Aca- demic Subject Not Exposed: Other Subjects Present Past

8 / 13

Notes Notes Notes Notes

slide-3
SLIDE 3

Odds ratios for academic subjects in spear phishing study

9 / 13

Illicit online pharmacies

What do illicit online pharmacies have to do with phishing? Both make use of a similar criminal supply chain

1

Traffic: hijack web search results (or send email spam)

2

Host: compromise a high-ranking server to redirect to pharmacy

3

Hook: affiliate programs let criminals set up website front-ends to sell drugs

4

Monetize: sell drugs ordered by consumers

5

Cash out: no need to hire mules, just take credit cards!

For more: http://lyle.smu.edu/~tylerm/usenix11.pdf

10 / 13

Case-control study: search-redirection attacks

Population: pharma search results Case: Search- redirection at- tack Control: No redirection Exposed: .EDU TLDs Not Exposed: Other TLDs Exposed: .EDU TLDs Not Exposed: Other TLDs Present Past

11 / 13

Case-control study: search-redirection attacks

R code: http://lyle.smu.edu/~tylerm/courses/econsec/ code/pharmaOdds.R

12 / 13

Notes Notes Notes Notes