
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: | |
Initial Amendment Date: | November 24, 2015 |
Latest Amendment Date: | August 2, 2016 |
Award Number: | 1619620 |
Award Instrument: | Continuing Grant |
Program Manager: | Ralph Wachter, rwachter@nsf.gov, (703)292-8950, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | December 1, 2015 |
End Date: | September 30, 2018 (Estimated) |
Total Intended Award Amount: | $316,432.00 |
Total Awarded Amount to Date: | $316,432.00 |
Funds Obligated to Date: | FY 2015 = $138,233.00; FY 2016 = $143,367.00 |
History of Investigator: | |
Recipient Sponsored Research Office: | 70 WASHINGTON SQ S, NEW YORK, NY, US 10012-1019, (212)998-2121 |
Sponsor Congressional District: | |
Primary Place of Performance: | 70 Washington Square S, New York, NY, US 10012-1019 |
Primary Place of Performance Congressional District: | |
Unique Entity Identifier (UEI): | |
Parent UEI: | |
NSF Program(s): | Secure & Trustworthy Cyberspace |
Primary Program Source: | 01001516DB NSF RESEARCH & RELATED ACTIVIT; 01001617DB NSF RESEARCH & RELATED ACTIVIT |
Program Reference Code(s): | |
Program Element Code(s): | |
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
This project tackles the social and economic elements of Internet security: how the motivations and interactions of attackers, defenders, and users shape the threats we face, how they evolve over time, and how they can best be addressed. While security is a phenomenon mediated by the technical workings of computers and networks, it is ultimately a conflict driven by economic and social issues that merit a commensurate level of scrutiny. Today's online attackers are commonly profit-seeking, and the implicit social networks that link them together play a critical role in fostering the innovation and the efficiency underlying cybercrime markets. Further, the socio-economic lens can provide vital insights not only for understanding attackers, but victims too. Today's consumers, corporations, and governments make large investments in security technology with little understanding of their ultimate return-on-investment. And the ease with which we adopt online personas and relationships has created a collective blind spot that attackers exploit all-too-easily.
Grappling with these socio-economic dimensions is of fundamental importance for achieving a secure future information infrastructure, and developing a sound understanding of them requires research grounded in empiricism. Accordingly, the project has four key components: (1) pursue in-depth empirical analyses of a range of online criminal activities; (2) map out the evolving attacker ecosystem that preys on online social networks, and the extent to which unsafe online behavior is itself adopted and transmitted; (3) study how relationships among these criminals are established, maintained, and evolve over time; and (4) measure the efficacy of today's security interventions, both in the large and at the level of individual users. Across all of these efforts, the aim is to identify bottleneck elements where interventions might most effectively undermine entire ecosystems of abusive and criminal activities. Consequently, this research has the potential to dramatically benefit society by undermining entire cybercrime ecosystems: disrupting underground activities, infrastructure, and social networks through strategic intervention. The work will also create numerous educational opportunities, including undergraduate and graduate education as well as workforce education for security professionals, law enforcement, civil regulatory agencies, and legal scholars and professionals tasked with countering modern Internet threats.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
Cybersecurity is widely understood as a technical problem--one in which imperfect software platforms or configurations allow systems to be subverted--but this is only one layer of the overall challenge. While the technical mechanisms by which cyberattacks might be launched are critical, so too is understanding how real attackers are motivated and incentivized.
Our project has focused on placing this larger framing in a scientific context; we have introduced methodologies and techniques for empirically assessing different kinds of cyberattacks across the Internet. We have conducted large, carefully-designed case studies validating this approach to measurement (e.g., for account hijacking, ad fraud, malware distribution, ransomware, DDoS). Further, we have shown how these attacks can be placed into an economic context that motivates their particular technical approach; most online cybercriminals are profit-seeking and their underlying cost structure dictates the kinds of criminal activities that they are willing to pursue. We have not only reasoned about this abstractly but have empirically shown how to identify attacker revenues and follow the flow of criminal payments, including some of the first work demonstrating how to deanonymize Bitcoin transactions. Finally, we have shown how this level of insight allows us to design interventions that "de-monetize" attacks and thus remove incentives to mount them. We have been able to explore large-scale case-studies where these interventions have been put into effect and empirically demonstrated what kinds of actions are effective at redirecting attackers. Together, this work has validated our core idea that empirically-grounded analysis of both threats and their associated economic context can significantly improve how we address a range of security threats.
We have been able to conduct our work at an unprecedented scale due to a combination of methodological techniques (e.g., Internet-wide scanning, botnet infiltration) coupled with close research partnerships with industry researchers (e.g., at Google, Microsoft, Facebook, Twitter, and Yahoo, among others). As a consequence, we have both been successful academically and also had a direct impact on how a broad array of Internet companies address online abuse. We have been able to collaborate effectively with law enforcement, enabling our work on Bitcoin payment tracing, underground stylometry, bulletproof hosting, and breach detection to reap concrete operational benefits.
In broad terms, we originated this project with the fundamental thesis that by considering security in "ecosystem" terms, including the many complex and disparate human elements of modern digital life, we could potentially obtain significantly deeper insights, and stronger and/or more cost-effective defenses, than by viewing security problems as solely technical concerns. Our undertakings have repeatedly affirmed this thesis. Our work developed sound, empirically grounded illumination of the support systems that make modern cybercrime possible; of how attackers frequently manipulate people rather than computers; of the flow of money including through nominally anonymous networks; of how individuals and organizations respond to threats, perceived problems, and victimization; and of the global scales at which these tussles and conflicts play out. We have examined security issues spanning the range from individual users and computers to enterprises to globally deployed services to distribution and financial networks to worldwide social networks to actions undertaken by intelligence services and sovereign nations. Throughout we find recurring themes of interconnections and human-scale considerations overshadowing the technical particulars of a given situation. Fundamentally, what makes security difficult is not (merely) the difficulty of writing correct code, but the much harder challenge of first understanding and then reasoning about interactions among disparate parties with disparate capabilities, motivations, resources, tolerances, and concerns. If, however, we can arm ourselves with such insights, then not infrequently we find that a security issue, viewed in-the-large, presents hitherto unrecognized opportunities for improving its ultimate outcomes.
Last Modified: 10/15/2018
Modified by: Damon Mccoy