With the rise of financially-motivated computer abuse, understanding economic incentives of both attackers and targets has become critical to strengthening online security. In this talk, I will advocate the need for an interdisciplinary research agenda, ranging from network measurements and analysis to game-theoretic modeling.
I will first show how empirical network measurements help better design intervention mechanisms against attackers. Using the online sale of unlicensed pharmaceutical drugs as a case study, I will describe how longitudinal, large-scale measurements and analysis reveal important structural properties of a priori complex criminal ecosystems. I will in particular demonstrate the existence of "choke points" both in traffic brokering and product supply, which should be prime targets for intervention.
In addition to disrupting attackers' operations, improving overall network security also requires that users strengthen their defenses -- but which incentives do they have to do so? I will introduce a game-theoretic model that we developed to describe how rational users respond to security threats in large-scale networks. I will use this model to show how network effects, specifically negative network externalities, strongly influence security decision making. I will conclude by outlining a roadmap for future security research combining measurements, mathematical modeling and behavioral aspects.
Nicolas Christin is the Associate Director of the Information Networking Institute at Carnegie Mellon University, and a research faculty (Senior Systems Scientist) in CyLab, Electrical and Computer Engineering, and Engineering and Public Policy. He holds a Diplôme d'Ingénieur from École Centrale Lille, and M.S. and Ph.D. degrees in Computer Science from the University of Virginia. After a postdoc in the School of Information at the University of California, Berkeley, he joined Carnegie Mellon in 2005. He served for three years as resident faculty at CMU CyLab Japan, before returning to Carnegie Mellon's main campus in 2008. His research interests are in computer and information systems networks; most of his work is at the boundary of systems and policy research, with a slant toward security aspects. He has most recently focused on online crime, security economics, and psychological aspects of computer security. He equally enjoys field measurements and mathematical modeling.