Security Analytics: Bridging Large-scale Data Collection and Analysis with Human Factors to Design Better Defenses

In this talk, I will argue that understanding incentives of both
attackers and targets has become critical to strengthening online
security. I will advocate the need for an interdisciplinary research
agenda, ranging from network measurements and large-scale data analysis
to human factor modeling. Using case studies (online sale of unlicensed
pharmaceutical drugs, and anonymous marketplaces), I will first describe
how longitudinal, large-scale measurements and data analysis reveal
important economic and structural properties of a priori complex
criminal ecosystems. I will then discuss how these structural properties
can be used to design successful interventions, both from a policy
and from a technical angle. On the policy side, I will show that our
criminal ecosystem analysis evidences "concentration points," whose
disruption could effectively hamper illicit operations. On the technical
side, I will demonstrate how we can use adversaries' incentives to
design and build systems that can proactively identify future attack
targets. I will conclude by outlining a roadmap for security research
combining measurements, mathematical modeling and behavioral aspects.
Nicolas Christin is an Assistant Research Professor in Electrical and
Computer Engineering at Carnegie Mellon University, where he has also
affiliations with CyLab, the university-wide information security
institute, the Information Networking Institute and the department of
Engineering and Public Policy. He holds a Dipl&rquo;me d'ingénieur from
‰cole Centrale Lille, and M.S. and Ph.D. degrees in Computer Science
from the University of Virginia. He was a researcher in the School of
Information at the University of California, Berkeley, prior to joining
Carnegie Mellon in 2005. His research interests are in computer and
information systems security; most of his work is at the boundary of
systems and policy research. He has most recently focused on security
analytics, online crime modeling, and economics and human aspects of
computer security. His group's research won several awards including
Honorable Mention at ACM CHI 2011 and 2016, and Best Student Paper
Award at USENIX Security 2014.