Researchers explore how cyber-attackers think like regular crooks

Nov 30, 2011 By Missy Corley

In a unique collaboration, an engineer and a criminologist at the University of Maryland are applying criminological concepts and research methods in the study of cybercrime. Their work has produced recommendations for IT managers to use in the prevention of cyber attacks on their networks.

Michel Cukier, associate professor of reliability engineering at the A. James Clark School of Engineering and Institute for Systems Research, and David Maimon, assistant professor of and criminal justice in the College of Behavioral and Social Sciences, are studying cyberattacks from two different angles - that of the user and that of the attacker. Both are members of the Maryland Center.

Their work is the first look at the relationship between computer-network activity patterns and computer-focused crime trends.

"We believe that criminological insights in the study of cybercrime are important, since they may support the development of concrete security policies that consider not only the technical element of cybercrime but also the human component," Maimon said.

In one study that focused on the victims of cyberattacks, the researchers analyzed data made available by the university's Office of Information Technology, which included instances of computer exploits, illegal computer port scans and (DoS) attacks.

Applying criminological rationale proposed by the "Routine Activities Perspective," Maimon and Cukier analyzed computer focused crime trends between the years 2007-2009 against the university network.

According to this perspective, which is designed to understand criminal victimization trends, successful criminal incidents are the consequence of the convergence in space and time of motivated offenders, suitable victims, and the absence of capable guardians. The researchers hypothesized that the campus would be more likely to be cyberattacked during business hours than during down times like after midnight and on weekends. Their study of the campus data confirmed their theories.

"Our analysis demonstrates that computer-focused crimes are more frequent during times of day that computer users are using their networked computers to engage in their daily working and studying routines," Maimon said.

"Users expose the network to attacks," Cukier said. Simply by browsing sites on the Web, Internet users make their computers' IP addresses and ports visible to possible attackers. So, "the users' behavior does reflect on the entire organization's security."

Maimon, a sociologist, takes the study a step further.

"Your computer network's social composition will determine where your attacks come from," he said. In a similar vein, "the kinds of places you go influence the types of attacks you get. Our study demonstrates that, indeed, network users are clearly linked to observed network attacks and that efficient security solutions should include the human element."

Cukier adds, "The study shows that the human aspect needs to be included in security studies, where humans are already referred as the 'weakest link.'"

Cukier and Maimon said the results of their research point to the following potential solutions:

1) Increased education and awareness of the risks associated with computer-assisted and computer-focused crimes among network users could prevent future attacks;

2) Further defense strategies should rely on predictions regarding the sources of attacks, based on the network users' social backgrounds and online routines.

"Michel and David's research exemplifies the interdisciplinary and comprehensive approach of the Maryland Cybersecurity Center," noted Michael Hicks, director of the Maryland Cybersecurity Center. "Resources are not unlimited, so true solutions must consider the motivations of the actors, both attackers and defenders, as well as the technological means to thwart an attack. Michel, an engineer, and David, a , are considering both sides of this equation, with the potential for game-changing results."

Explore further: Teachers' scare tactics may lead to lower exam scores

add to favorites email to friend print save as pdf

Related Stories

Researchers find way to measure effect of Wi-Fi attacks

Sep 12, 2011

Researchers from North Carolina State University have developed a way to measure how badly a Wi-Fi network would be disrupted by different types of attacks – a valuable tool for developing new security technologies.

Understanding the social side of cyber-security issues

May 04, 2011

When Engin Kirda started focusing on cyber-security research 10 years ago, those primarily responsible for launching Internet attacks were teenagers out for kicks, he said. But the scope of threats existing ...

Cyber criminals cloak their tracks

Feb 13, 2008

The 2007 X-Force Security report from IBM finds a disturbing rise in the sophistication of attacks by criminals on Web browsers worldwide. According to IBM, by attacking the browsers of computer users, cyber criminals are ...

Female-Name Chat Users Get 25 Times More Malicious Messages

May 09, 2006

A study by the University of Maryland's A. James Clark School of Engineering found that chat room participants with female usernames received 25 times more threatening and/or sexually explicit private messages than those ...

Hackers turn PlayStation into pay station

May 10, 2011

In late April, a hacker crippled Sony’s PlayStation Network by stealing the names, home addresses and perhaps even the credit card numbers of some 70 million subscribers, who play and download games through ...

Recommended for you

Teachers' scare tactics may lead to lower exam scores

1 hour ago

As the school year winds down and final exams loom, teachers may want to avoid reminding students of the bad consequences of failing a test because doing so could lead to lower scores, according to new research published ...

Poll: Big Bang a big question for most Americans

8 hours ago

Few Americans question that smoking causes cancer. But they have more skepticism than confidence in global warming, the age of the Earth and evolution and have the most trouble believing a Big Bang created the universe 13.8 ...

Study finds law dramatically curbing need for speed

Apr 18, 2014

Almost seven years have passed since Ontario's street-racing legislation hit the books and, according to one Western researcher, it has succeeded in putting the brakes on the number of convictions and, more importantly, injuries ...

Newlyweds, be careful what you wish for

Apr 17, 2014

A statistical analysis of the gift "fulfillments" at several hundred online wedding gift registries suggests that wedding guests are caught between a rock and a hard place when it comes to buying an appropriate gift for the ...

Can new understanding avert tragedy?

Apr 17, 2014

As a boy growing up in Syracuse, NY, Sol Hsiang ran an experiment for a school project testing whether plants grow better sprinkled with water vs orange juice. Today, 20 years later, he applies complex statistical ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

tadchem
not rated yet Nov 30, 2011
There are several 'types' of crime, and the criminals who commit them are just as diverse. Cybercriminals will have little in common with junkies who rob to get cash for a fix, or with emotional criminals who act out of rage, lust, or anger. They will have more in common with the sociopaths who perform elaborately planned acts such as fraud, espionage, sabotage, and the like.

More news stories

Hyperbolic homogeneous polynomials, oh my!

Cutting-edge mathematics today, at least to the uninitiated, often sounds as if it bears no relation to the arithmetic we all learned in grade school. What do topology and combinatorics and n-dimensional ...

Teachers' scare tactics may lead to lower exam scores

As the school year winds down and final exams loom, teachers may want to avoid reminding students of the bad consequences of failing a test because doing so could lead to lower scores, according to new research published ...

Poll: Big Bang a big question for most Americans

Few Americans question that smoking causes cancer. But they have more skepticism than confidence in global warming, the age of the Earth and evolution and have the most trouble believing a Big Bang created the universe 13.8 ...