Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is Network and Security Research? Network and Security Research, or Information Communication Technology (ICT) Research involves: the collection,

Published byDulcie Crawford Modified over 9 years ago

Similar presentations

Presentation on theme: "What is Network and Security Research? Network and Security Research, or Information Communication Technology (ICT) Research involves: the collection,"— Presentation transcript:

1 What is Network and Security Research? Network and Security Research, or Information Communication Technology (ICT) Research involves: the collection, use and disclosure of information collected via networks or using hardware and software associated with information technology Examples include: Phishing experiments Botnets Honeypots Analysis of internet network traffic

2 Ethical Challenges in ICT Research ICT research differs from traditional human subjects research which poses new ethical challenges: Interactions with humans are often indirect with intervening technology It is often not feasible to obtain informed consent Deception may be necessary There are varying degrees of linkage between data and individuals’ identities for behaviors Researchers can easily engage millions of “subjects” and billions of associated data “objects” simultaneously.

3 There is more to it than “data” Data Application Host Computer Network Information and Information System http://en.wikipedia.org/wiki/McCumber_cube

4 Case Studies of ICT Research Shining Light in Dark Places: Understanding the ToR Network Learning More About the Underground Economy: A Case Study of Keyloggers and Dropzones Your Botnet is My Botnet: Examination of a Botnet Takeover Why and How to Perform Fraud Experiments Measurement and Mitigation of Peer-to- Peer-Based Botnets: A Case Study on Storm Worm Spamalytics: An Empirical Analysis of Spam Marketing Conversion Studying Spamming Botnets Using Botlab P2P as Botnet Command and Control: A Deeper Insight DDoS Attacks Against South Korean and U.S. Government Sites BBC: Experiments with Commercial Botnets Lycos Europe “Make Love Not Spam” Campaign University of Bonn: “Stormfucker” Information Warfare Monitor: “Ghostnet” Tipping Point: Kraken Botnet Takeover Symbiot: “Active Defense” Tracing Anonymous Packets to the Approximate Source LxLabs Kloxo/HyperVM Exploiting Open Functionality in SMS- Capable Networks Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero- Power Defenses Black Ops 2008 -- Its The End Of The Cache As We Know It How to Own the Internet in Your Spare Time Botnet Design RFID Hacking WORM vs. WORM: preliminary study of an active counter-attack mechanism A Pact with the Devil Playing Devil's Advocate: Inferring Sensitive Data from Anonymized Network Traces Protected Repository for the Defense of Infrastructure Against Cyber Attacks  Likely to be considered Human Subjects Research subject to IRB review   

5 A Bit of Context Review boards lack expertise in this area of research It is difficult for researcher or IRB to quantify risks Distance 1 between researcher and “subject” differs from traditional human subjects research: – As the “distance” between the researcher and subject decreases, we are more likely to define the research scenario as one that involves “human subjects.” – As the “distance” increases, we are more likely to define the research scenario as one that does not involve “human subjects”. Concern about possible “human harming research” 1 Elizabeth Buchanan and Annette Markham

6 Subject or Object?

7 Social Network Honeypot Case Study [Discuss here] SOCIAL NETWORK HONEYPOT CASE STUDY

8 Case Study: Social Network Honeypots Research Method Deceptively “friend” millions of users Follow all posts, identifying malware through “sandbox” analysis Develop detection and filtering mechanisms Involved Stakeholders End users of social networks (i.e., victims) Criminals Social network platform providers Law enforcement Researchers

9 Case Study: Social Network Honeypots Benefits New detective, protective, and possibly investigative techniques Publicity from novel, high-profile research Risks of harm Loss of user privacy (researcher obtaining personal communications and personally identifiable information) Harm resulting from use of deception Costs to provider to respond to complaints Harming a criminal investigation Violation of acceptable use policy

10 Case Study: Social Network Honeypots Benefits New detective, protective, and possibly investigative techniques Publicity from novel, high-profile research Risks of harm Loss of user privacy (researcher obtaining personal communications and personally identifiable information) Harm resulting from use of deception Costs to provider to respond to complaints Harming a criminal investigation Violation of acceptable use policy

11 Case study: Questions THIS IS A TEST! In this case study: Is there use of “personally identifiable data?” Is there an expectation of privacy in communications? Is use of deception necessary? Does it make a difference that a million users (as opposed to hundreds) are being deceived? Are waivers of consent and/or of debriefing warranted? Does it matter that researchers may impact law enforcement investigations, or other researchers’ data collection/experimentation?

Download ppt "What is Network and Security Research? Network and Security Research, or Information Communication Technology (ICT) Research involves: the collection,"

Similar presentations

Its a new digital world with new digital dangers….

Its a new digital world with new digital dangers….
AUP Acceptable Use Policy Summarized by Mr. Kirsch from the Sioux Falls School District Technology Plan.

AUP Acceptable Use Policy Summarized by Mr. Kirsch from the Sioux Falls School District Technology Plan.
Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.

Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
ECrime Research Richard Clayton Luxembourg 11 th May 2010.

ECrime Research Richard Clayton Luxembourg 11 th May 2010.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Information Warfare Theory of Information Warfare

Information Warfare Theory of Information Warfare
1 Understanding Botnet Phenomenon MITP 458 - Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.
1. 2 A High Tech Crime Investigation Lessons learned by the National High Tech Crime Center Hans Oude Alink, project leader NHTCC November 2005.

1. 2 A High Tech Crime Investigation Lessons learned by the National High Tech Crime Center Hans Oude Alink, project leader NHTCC November 2005.
1 McGraw-Hill/Irwin Copyright © 2004, The McGraw-Hill Companies, Inc. All rights reserved. Ethical Challenges Ethics Principles of right and wrong that.

1 McGraw-Hill/Irwin Copyright © 2004, The McGraw-Hill Companies, Inc. All rights reserved. Ethical Challenges Ethics Principles of right and wrong that.
Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.

Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.
Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.

Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.
Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Department Of Computer Engineering

Department Of Computer Engineering
Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.

Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.
CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.

CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.

Similar presentations

Ads by Google