EBCS Proceedings

Recent Submissions

  • Item
    Predictably Deterrable? The Case of System Trespassers
    (2019-01-01) Maimon, David; Testa, Alexander; Sobesto, Bertrand; Cukier, Michel; Ren, Wuling; Georgia State University; University of Maryland at College Park; University of Maryland at College Park; University of Maryland at College Park; Zhejiang Gongshang University

    Can computing environments deter system trespassers and increase intruders’ likelihood to cover their tracks during the progression of a system trespassing event? To generate sufficient empirical evidence to answer this question, we designed a series of randomized field trials using a large set of target computers built for the sole purpose of being infiltrated. We configured these computers to present varying levels of ambiguity regarding the presence of surveillance in the system, and investigated how this ambiguity influenced system trespassers’ likelihood to issue clean tracks commands. Findings indicate that the presence of unambiguous signs of surveillance increases the probability of clean tracks commands being entered on the system. Nevertheless, even when given clear signs of detection, we find that intruders are less likely to use clean tracks commands in the absence of subsequent presentations of sanction threats. These results indicate that the implementation of deterring policies and tools in cyber space could nudge system trespassers to exhibit more cautiousness during their engagement in system trespassing events. Our findings also emphasize the relevance of social-science models in guiding cyber security experts’ continuing efforts to predict and respond to system trespassers’ illegitimate online activities.

  • Item
    Distributed Decentralized Domain Name Service
    (2016-01-01) Benshoof, Brendan; Rosen, Andrew; Bourgeois, Anu G.; Harrison, Robert W.; Georgia State University; Georgia State University

    We present D3NS, a system to replace the current top level DNS system and certificate authorities, offering increased scalability, security and robustness. D3NS is based on a distributed hash table and utilizes a domain name ownership system based on the Bitcoin blockchain. It addresses previous criticism that a DHT would not suffice as a DNS replacement. D3NS provides solutions to current DNS vulnerabilities such as DDOS attacks, DNS spoofing and censorship by local governments. D3NS eliminates the need for certificate authorities by providing a decentralized authenticated record of domain name ownership. Unlike previous DNS replacement proposals, D3NS is reverse compatible with DNS and allows for incremental implementation within the current system.

  • Item
    Re-Thinking Online Offenders’ SKRAM: Individual Traits and Situational Motivations as Additional Risk Factors for Predicting Cyber Attacks
    (2017-01-01) Maimon, David; Hinton, Steve; Babko-Malaya, Olga; Cathey, Rebecca; Georgia State University; StratumPoint, Inc.; BAE Systems; BAE Systems

    Cyber security experts in the U.S. and around the globe assess potential threats to their organizations by evaluating potential attackers’ skills, knowledge, resources, access to the target organization and motivation to offend (i.e. SKRAM). Unfortunately, this model fails to incorporate insights regarding online offenders’ traits and the conditions surrounding the development of an online criminal event. Drawing on contemporary criminological models, we present a theoretical rationale for revising the SKRAM model. The revised model suggests that in addition to the classical SKRAM components, both individual attributes and certain offline and online circumstances fuel cyber attackers’ motivation to offend, and increase the probability that a cyber-attack will be launched against an organization. Consistent with our proposed model, and its potential in predicting the occurrence of different types of cyber-dependent crimes against organizations, we propose that Information Technology professionals’ efforts to facilitate safe computing environments should design new approaches for collecting indicators regarding attackers’ potential threat, and predicting the occurrence and timing of cyber-dependent crimes.

  • Item
    On the Relevance of Social Media Platforms in Predicting The Volume and Patterns of Web Defacement Attacks
    (2017-01-01) Maimon, David; Fukuda, Andrew; Hinton, Steve; Babko-Malaya, Olga; Cathey, Rebecca; Georgia State University; University of Maryland at College Park; StratumPoint, Inc.; BAE Systems; BAE Systems

    Social media platforms are commonly employed by law enforcement agencies for collecting Open Source Intelligence (OSINT) on criminals, and assessing the risk they pose to the environment they live in. However, since no prior research has investigated the relationships between hackers’ use of social media platforms and their likelihood to generate cyber-attacks, this practice is less common among Information Technology Teams. Addressing this empirical gap, we draw on the social learning theory and estimate the relationships between hackers’ use of Facebook, Twitter, and YouTube and the frequency of web defacement attacks they generate in different times (weekdays vs. weekends) and against different targets (USA vs. non-USA websites). To answer our research questions, we use hackers’ reports of web defacement they generated (available on http://www.zone-h.org), and complement with an independent data collection we launched to identify these hackers’ use of different social media platforms. Results from a series of Negative Binomial Regression analyses reveal that hackers’ use of social media platforms, and specifically Twitter and Facebook, significantly increases the frequency of web defacement attacks they generate. However, while using these social media platforms significantly increases the volume of web defacement attacks these hackers generate during weekdays, it has no association with the volume of web defacement they launch over weekends. Finally, although hackers’ use of both Facebook and Twitter accounts increase the frequency of attacks they generate against non-USA websites, the use of Twitter only increases significantly the volume of web defacement attacks against USA websites.

  • Item
    Web-Based Intelligence for IDS
    (2019-01-01) Freas, Christopher B.; Harrison, Robert W.; Georgia State University; Georgia State University

    We and others have shown that machine learning can detect and mitigate web-based attacks and the propagation of malware. High performance machine learning frameworks exist for the major computer languages used to program both web servers and web pages. This paper examines the factors required to use the frameworks as an effective distributed deterrent.

  • Item
    A Distributed Greedy Heuristic for Computing Voronoi Tessellations with Applications Towards Peer-to-Peer Networks
    (2015-01-01) Benshoof, Brendan; Rosen, Andrew; Bourgeois, Anu G.; Harrison, Robert W.; Georgia State University; Georgia State University

    Computing Voronoi tessellations in an arbitrary number of dimensions is a computationally difficult task. This problem becomes exacerbated in distributed environments, such as Peer-to-Peer networks and Wireless networks, where Voronoi tessellations have useful applications. We present our Distributed Greedy Voronoi Heuristic, which approximates Voronoi tessellations in distributed environments. Our heuristic is fast, scalable, works in any geometric space with a distance and midpoint function, and has interesting applications in embedding metrics such as latency in the links of a distributed network.

  • Item
    A Model Architecture for Big Data Applications using Relational Databases
    (2014-01-01) Durham, Erin-Elizabeth A; Rosen, Andrew; Harrison, Robert W.; Georgia State University; Georgia State University

    Effective Big Data applications dynamically handle the retrieval of decisioned results based on stored large datasets efficiently. One effective method of requesting decisioned results, or querying, large datasets is the use of SQL and database management systems such as MySQL. But a problem with using relational databases to store huge datasets is the decisioned result retrieval time, which is often slow largely due to poorly written queries / decision requests. This work presents a model to re-architect Big Data applications in order to efficiently present decisioned results: lowering the volume of data being handled by the application itself, and significantly decreasing response wait times while allowing the flexibility and permanence of a standard relational SQL database, supplying optimal user satisfaction in today's Data Analytics world. In this paper we review a Big Data case study in the telecommunications field and use it to experimentally demonstrate the effectiveness of our approach.

  • Item
    High Performance Attack Estimation in Large-Scale Network Flows
    (2018-01-01) Freas, Christopher B.; Harrison, Robert W.; Long, Yuan; Georgia State University; Georgia State University

    Network based attacks are the major threat to security on the Internet. The volume of traffic and the high variability of the attacks place threat detection squarely in the domain of big data. Conventional approaches are mostly based on signatures. While these are relatively inexpensive computationally, they are inflexible and insensitive to small variations in the attack vector. Therefore we explored the use of machine learning techniques on real flow data. We found that benign traffic could be identified with high accuracy.

  • Item
    Characteristics of Bitcoin Transactions on Cryptomarkets
    (2019-01-01) Chen, Xucan; Hasan, Mohammed Al; Wu, Xintao; Skums, Pavel; Feizollahi, Mohammed Javad; Ouellet, Marie; Sevigny, Eric L.; Maimon, David; Wu, Yubao; Georgia State University; Indiana University Purdue University Indianapolis; University of Arkansas, Fayetteville; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University

    Cryptomarkets (or darknet markets) are commercial hidden-service websites that operate on The Onion Router (Tor) anonymity network. Cryptomarkets accept primarily bitcoin as payment since bitcoin is pseudonymous. Understanding bitcoin transaction patterns in cryptomarkets is important for analyzing vulnerabilities of privacy protection models in cryptocurrencies. It is also important for law enforcement to track illicit online crime activities in cryptomarkets. In this paper, we discover interesting characteristics of bitcoin transaction patterns in cryptomarkets. The results demonstrate that the privacy protection mechanism in cryptomarkets and bitcoin is vulnerable. Adversaries can easily gain valuable information for analyzing trading activities in cryptomarkets.

  • Item
    Digital First: The Ontological Reversal and New Challenges for IS Research
    (2019-01-01) Baskerville, Richard L.; Myers, Michael D.; Yoo, Youngjin; Georgia State University and Curtin University; University of Auckland Business School; Case Western Reserve University

    The classical view of an information system is that it represents and reflects physical reality. We suggest this classical view is increasingly obsolete: digital technologies are now creating and shaping physical reality. We call this phenomenon the ontological reversal. The ontological reversal is where the digital version is created first, and the physical version second (if needed). This ontological reversal challenges us to think about the role of humans and technology in society. It also challenges us to think about our role as IS scholars in this digital world and what it means for our research agendas.

  • Item
    Characteristics of Bitcoin Transactions on Cryptomarkets
    (2019-01-01) Chen, Xucan; Hasan, Mohammad Al; Skums, Pavel; Wu, Xintao; Feizollahi, Mohammad Javad; Ouellet, Marie; Sevigny, Eric L; Maimon, David; Wu, Yubao; Georgia State University; Indiana University - Purdue University Indianapolis; Georgia State University; University of Arkansas Fayetteville; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University

    Cryptomarkets (or darknet markets) are commercial hidden-service websites that operate on The Onion Router (Tor) anonymity network. Cryptomarkets accept primarily bitcoin as payment since bitcoin is pseudonymous. Understanding bitcoin transaction patterns in cryptomarkets is important for analyzing vulnerabilities of privacy protection models in cryptocurrencies. It is also important for law enforcement to track illicit online crime activities in cryptomarkets. In this paper, we discover interesting characteristics of bitcoin transaction patterns in cryptomarkets. The results demonstrate that the privacy protection mechanism in cryptomarkets and bitcoin is vulnerable. Adversaries can easily gain valuable information for analyzing trading activities in cryptomarkets.

  • Item
    Detecting Illicit Drug Ads in Google+ Using Machine Learning
    (2019-01-01) Zhao, Fengpan; Skums, Pavel; Zelikovsky, Alex; Sevigny, Eric L.; Swahn, Monica Haavisto; Strasser, Sheryl M.; Wu, Yubao; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University

    Opioid abuse epidemics is a major public health emergency in the US. Social media platforms have facilitated illicit drug trading, with significant amount of drug advertisement and selling being carried out online. In order to understand dynamics of drug abuse epidemics and design efficient public health interventions, it is essential to extract and analyze data from online drug markets. In this paper, we present a computational framework for automatic detection of illicit drug ads in social media, with Google+ being used for a proof-of-concept. The proposed SVM- and CNN-based methods have been extensively validated on the large dataset containing millions of posts collected using Google+ API. Experimental results demonstrate that our methods can efficiently identify illicit drug ads with high accuracy. Both approaches have been extensively validated using the dataset containing millions of posts collected using Google+ API. Experimental results demonstrate that both methods allow for accurate identification of illicit drug ads.

  • Item
    Detecting Illicit Drug Ads in Google+ Using Machine Learning
    (2019-01-01) Zhao, Fengpan; Skums, Pavel; Zelikovsky, Alex; Sevigny, Eric L; Swahn, Monica; Strasser, Sheryl M; Wu, Yubao; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University

    Opioid abuse epidemics is a major public health emergency in the US. Social media platforms have facilitated illicit drug trading, with significant amount of drug advertisement and selling being carried out online. In order to understand dynamics of drug abuse epidemics and design efficient public health interventions, it is essential to extract and analyze data from online drug markets. In this paper, we present a computational framework for automatic detection of illicit drug ads in social media, with Google+ being used for a proof-of-concept. The proposed SVM- and CNN-based methods have been extensively validated on the large dataset containing millions of posts collected using Google+ API. Experimental results demonstrate that our methods can efficiently identify illicit drug ads with high accuracy. Both approaches have been extensively validated using the dataset containing millions of posts collected using Google+ API. Experimental results demonstrate that both methods allow for accurate identification of illicit drug ads.

  • Item
    Predicting Opioid Epidemic by Using Twitter Data
    (2018-01-01) Wu, Yubao; Skums, Pavel; Zelikovsky, Alex; Rendon, David Campo; Liao, Xueting; Georgia State University; Georgia State University; Georgia State University; Georgia State University and Centers for Disease Control and Prevention; Georgia State University

    Opioid crisis was declared as a public health emergency in 2017 by the President of USA. According to the Centers for Disease Control and Prevention, more than 91 Americans die every day from an opioid overdose. Nearly $4B is provided to address the opioid epidemic in the 2018 spending bill and help fulfill the President’s Opioid Initiative.

    How to monitor and predict the opioid epidemic accurately and in real time? The traditional methods mainly use the hospital data and usually have a lag of several years. Even though they are accurate, the long lag period prevents us from monitoring and predicting the epidemic in real time. We observe that people discuss things related to the epidemic a lot in social media platforms. These user behavior data collected from social media platforms can potentially help us monitor and predict the epidemic in real time.

    In this paper, we study how to use Twitter to monitor the epidemic. We collect the historic tweets containing the set of keywords related to the epidemic. We count the frequency of the tweets posted at each month and each state. We compare the frequency values with the real-world death rates at each month and each state. We identify high correlation between tweet frequency values and real-world death rates. The statistical significance demonstrates that the Twitter data can be used for predicting the death rate and epidemic in future.

  • Item
    Python Scrapers for Scraping Cryptomarkets on Tor
    (2019-01-01) Wu, Yubao; Zhao, Fengpan; Chen, Xucan; Skums, Pavel; Sevigny, Eric L; Maimon, David; Ouellet, Marie; Swahn, Monica; Strasser, Sheryl M; Feizollahi, Mohammed Javad; Zhang, Youfang; Sekhon, Gunjan; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University

    Cryptomarkets are commercial websites on the web that operate via darknet, a portion of the Internet that limits the ability to trace users’ identity. Cryptomarkets have facilitated illicit product trading and transformed the methods used for illicit product transactions. The surveillance and understanding of cryptomarkets is critical for law enforcement and public health. In this paper, we design and implement Python scrapers for scraping cryptomarkets. The design of the scraper system is described with details and the source code of the scrapers is shared with the public.

  • Item
    Information Security: Going Digital
    (2018-01-01) Baskerville, Richard L.; Georgia State University

    Because “going digital” regards using digital technologies to fundamentally change the way things get done, information security is necessarily engaged in going digital. Society and science are going digital. For the sciences, this digitalization process invokes an emerging model of the science of design that incorporates the assembly of information systems from a wide variety of platform ecosystems. According to principles of bounded rationality and bounded creativity, this mode of design requires more creativity to develop needed functionality from a finite set of available platforms. Going digital requires more creativity in designers of all types of information systems. Furthermore, the designers’ goals are changing. The traditional model of information systems is representational: the data in the system represents (reflects) reality. Newer information systems, equipped with 3D printing and robotics actually create reality. Reality represents (reflects) the data in the system. The paper explores the example of information security. Designers of security for information systems not only must be more creative, they must design for more goals. The security task is no longer just protecting the digital system, the security task is protecting the products of the digital system.