What is Network and Security Research? Network and Security Research, or Information Communication Technology (ICT) Research involves: the collection,

Slides:

Advertisements

Similar presentations

Its a new digital world with new digital dangers….

Advertisements

AUP Acceptable Use Policy Summarized by Mr. Kirsch from the Sioux Falls School District Technology Plan.

Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.

ECrime Research Richard Clayton Luxembourg 11 th May 2010.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Information Warfare Theory of Information Warfare

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

1. 2 A High Tech Crime Investigation Lessons learned by the National High Tech Crime Center Hans Oude Alink, project leader NHTCC November 2005.

1 McGraw-Hill/Irwin Copyright © 2004, The McGraw-Hill Companies, Inc. All rights reserved. Ethical Challenges Ethics Principles of right and wrong that.

Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.

Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

(Geneva, Switzerland, September 2014)

Department Of Computer Engineering

Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Introduction to Honeypot, Botnet, and Security Measurement

B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.

1 Brett Roberts Director of Innovation | Microsoft NZ | 28 Aug 07 Technology and Privacy.

By: Sharad Sharma, Somya Verma, and Taranjit Pabla.

Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

PREPAREDNESS AND RESPONSE TO CYBER THREATS REQUIRE A CSIRT By Jaco Robertson, Marthie Lessing and Simon Nare*

Mobile Technology and Cyber Threats Deon Woods Bell Office of International Affairs The Fifth Annual African Consumer Protection Dialogue Conference Livingstone,

Internet Drivers License CSS411/BIS421 Computing Technology & Public Policy Mark Kochanski Spring 2010.

UDMIS.info Ethics and IS. UDMIS.info The Ethics of IS Ethics and Privacy Ethical Issues Law & Order.

Bots Used to Facilitate Spam Matt Ziemniak. Discuss Snort lab improvements Spam as a vehicle behind cyber threats Bots and botnets What can be done.

CHAPTER 10 Technology Issues.

© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

Information Warfare Playgrounds to Battlegrounds.

Page 1 Battling Botnets: Implications for a Cybercrime Strategy July 8, 2010.

Nullcon Goa 2010http://nullcon.net Botnet Mitigation, Monitoring and Management - Harshad Patil.

CONDUCTING CYBERSECURITY RESEARCH LEGALLY AND ETHICALLY By Aaron J. Burstein; Presented by David Muchene.

 Ethics is a broad philosophical concept that goes beyond simple right and wrong, and looks towards "the good life".  Cyber Ethics deals with the philosophy.

1 Honeypot, Botnet, Security Measurement, Spam Cliff C. Zou CDA /01/07.

Studying Spamming Botnets Using Botlab 台灣科技大學資工所楊馨豪 2009/10/201 Machine Learning And Bioinformatics Laboratory.

What is computer ethics?  Computer Ethics is a branch of practical philosophy which deals with how computing professionals should make decisions regarding.

Host and Application Security Lesson 17: Botnets.

October 21, 2008 Jennifer Q.; Loriane M., Michelle E., Charles H. Internet Safety.

Cyber Security, Internet, and Wireless Networks Shigang Chen, Associate Professor Dept of Computer & Information Science & Engineering University of Florida.

Studying Spamming Botnets Using Botlab

Information Warfare Playgrounds to Battlegrounds.

Information Technology & Ethics. Impact The impact of IT on information and communication can be categorized into 4 groups: privacy, accuracy, property,

.ORG, The Public Interest Registry. 2 Proprietary & Confidential What is Domain Security? Domain security is: 1) Responsibility. Any TLD should have a.

Supplemental Information on TOR (The Onion Router) CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–

Traffic Analysis and Risk Assessment of a Medium-Sized ISP Alan W. Rateliff, II Florida Internet Service Provider Approximately 2000 ADSL users Connections.

1 Thrust 5: Secure Wireless Networking Technologies For future generation wireless packet networks, two most important aspects need to be addressed: QoS.

By Alex Mayak.  What is spyware?  History of spyware.  What effect does spyware have on your computer?  What spreads spyware?

Internet Security and Implications on Transportation Systems 1 Yan Chen Department of Electrical Engineering and Computer Science Northwestern University.

Chapter One Copyright © 2016 Thomas J. Holt. All rights reserved.

Information Management System Ali Saeed Khan 29 th April, 2016.

Social Impacts of IT: P6 By André Sammut. Social Impacts IT impacts our life both in good ways and bad ways. Multiplayer Games Social Networks Anti-social.

ETHICS Internet And Online Community Week 10.

Botnets A collection of compromised machines

Add video notes to lecture

CHAPTER FOUR OVERVIEW SECTION ETHICS

A Project on CYBER SECURITY

Internet And Online Community Week 10

Botnets A collection of compromised machines

Chapter 13 Security and Ethical Challenges.

Chapter 9 E-Commerce Security and Fraud Protection

CHAPTER FOUR OVERVIEW SECTION ETHICS

IASP 470 PROJECT PROPOSAL MALWARE DETECTION

Presentation transcript:

What is Network and Security Research? Network and Security Research, or Information Communication Technology (ICT) Research involves: the collection, use and disclosure of information collected via networks or using hardware and software associated with information technology Examples include: Phishing experiments Botnets Honeypots Analysis of internet network traffic

Ethical Challenges in ICT Research ICT research differs from traditional human subjects research which poses new ethical challenges: Interactions with humans are often indirect with intervening technology It is often not feasible to obtain informed consent Deception may be necessary There are varying degrees of linkage between data and individuals’ identities for behaviors Researchers can easily engage millions of “subjects” and billions of associated data “objects” simultaneously.

There is more to it than “data” Data Application Host Computer Network Information and Information System

Case Studies of ICT Research Shining Light in Dark Places: Understanding the ToR Network Learning More About the Underground Economy: A Case Study of Keyloggers and Dropzones Your Botnet is My Botnet: Examination of a Botnet Takeover Why and How to Perform Fraud Experiments Measurement and Mitigation of Peer-to- Peer-Based Botnets: A Case Study on Storm Worm Spamalytics: An Empirical Analysis of Spam Marketing Conversion Studying Spamming Botnets Using Botlab P2P as Botnet Command and Control: A Deeper Insight DDoS Attacks Against South Korean and U.S. Government Sites BBC: Experiments with Commercial Botnets Lycos Europe “Make Love Not Spam” Campaign University of Bonn: “Stormfucker” Information Warfare Monitor: “Ghostnet” Tipping Point: Kraken Botnet Takeover Symbiot: “Active Defense” Tracing Anonymous Packets to the Approximate Source LxLabs Kloxo/HyperVM Exploiting Open Functionality in SMS- Capable Networks Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero- Power Defenses Black Ops Its The End Of The Cache As We Know It How to Own the Internet in Your Spare Time Botnet Design RFID Hacking WORM vs. WORM: preliminary study of an active counter-attack mechanism A Pact with the Devil Playing Devil's Advocate: Inferring Sensitive Data from Anonymized Network Traces Protected Repository for the Defense of Infrastructure Against Cyber Attacks  Likely to be considered Human Subjects Research subject to IRB review   

A Bit of Context Review boards lack expertise in this area of research It is difficult for researcher or IRB to quantify risks Distance 1 between researcher and “subject” differs from traditional human subjects research: – As the “distance” between the researcher and subject decreases, we are more likely to define the research scenario as one that involves “human subjects.” – As the “distance” increases, we are more likely to define the research scenario as one that does not involve “human subjects”. Concern about possible “human harming research” 1 Elizabeth Buchanan and Annette Markham

Subject or Object?

Social Network Honeypot Case Study [Discuss here] SOCIAL NETWORK HONEYPOT CASE STUDY

Case Study: Social Network Honeypots Research Method Deceptively “friend” millions of users Follow all posts, identifying malware through “sandbox” analysis Develop detection and filtering mechanisms Involved Stakeholders End users of social networks (i.e., victims) Criminals Social network platform providers Law enforcement Researchers

Case Study: Social Network Honeypots Benefits New detective, protective, and possibly investigative techniques Publicity from novel, high-profile research Risks of harm Loss of user privacy (researcher obtaining personal communications and personally identifiable information) Harm resulting from use of deception Costs to provider to respond to complaints Harming a criminal investigation Violation of acceptable use policy

Case Study: Social Network Honeypots Benefits New detective, protective, and possibly investigative techniques Publicity from novel, high-profile research Risks of harm Loss of user privacy (researcher obtaining personal communications and personally identifiable information) Harm resulting from use of deception Costs to provider to respond to complaints Harming a criminal investigation Violation of acceptable use policy

Case study: Questions THIS IS A TEST! In this case study: Is there use of “personally identifiable data?” Is there an expectation of privacy in communications? Is use of deception necessary? Does it make a difference that a million users (as opposed to hundreds) are being deceived? Are waivers of consent and/or of debriefing warranted? Does it matter that researchers may impact law enforcement investigations, or other researchers’ data collection/experimentation?