Standard

Herding Vulnerable Cats : A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting. / Tajalizadehkhoob, Samaneh; Van Goethem, Tom ; Korczynski, Maciej; Noroozian, Arman; Böhme, Rainer ; Moore, Tyler; Joosen, Wouter; van Eeten, Michel.

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security . Association for Computing Machinery (ACM), 2017. p. 553-567.

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

Harvard

Tajalizadehkhoob, S, Van Goethem, T, Korczynski, M, Noroozian, A, Böhme, R, Moore, T, Joosen, W & van Eeten, M 2017, Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting. in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security . Association for Computing Machinery (ACM), pp. 553-567. https://doi.org/10.1145/3133956.3133971

APA

Tajalizadehkhoob, S., Van Goethem, T., Korczynski, M., Noroozian, A., Böhme, R., Moore, T., ... van Eeten, M. (2017). Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 553-567). Association for Computing Machinery (ACM). https://doi.org/10.1145/3133956.3133971

Vancouver

Tajalizadehkhoob S, Van Goethem T, Korczynski M, Noroozian A, Böhme R, Moore T et al. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security . Association for Computing Machinery (ACM). 2017. p. 553-567 https://doi.org/10.1145/3133956.3133971

Author

Tajalizadehkhoob, Samaneh ; Van Goethem, Tom ; Korczynski, Maciej ; Noroozian, Arman ; Böhme, Rainer ; Moore, Tyler ; Joosen, Wouter ; van Eeten, Michel. / Herding Vulnerable Cats : A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security . Association for Computing Machinery (ACM), 2017. pp. 553-567

BibTeX

@inproceedings{4e3ed97699e74e35af5caed74c6eeac8,
title = "Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting",
abstract = "Hosting providers play a key role in fighting web compromise, but their ability to prevent abuse is constrained by the security practices of their own customers. Shared hosting, offers a unique perspective since customers operate under restricted privileges and providers retain more control over configurations. We present the first empirical analysis of the distribution of web security features and software patching practices in shared hosting providers, the influence of providers on these security practices, and their impact on web compromise rates. We construct provider-level features on the global market for shared hosting -- containing 1,259 providers -- by gathering indicators from 442,684 domains. Exploratory factor analysis of 15 indicators identifies four main latent factors that capture security efforts: content security, webmaster security, web infrastructure security and web application security. We confirm, via a fixed-effect regression model, that providers exert significant influence over the latter two factors, which are both related to the software stack in their hosting environment. Finally, by means of GLM regression analysis of these factors on phishing and malware abuse, we show that the four security and software patching factors explain between 10{\%} and 19{\%} of the variance in abuse at providers, after controlling for size. For web-application security for instance, we found that when a provider moves from the bottom 10{\%} to the best-performing 10{\%}, it would experience 4 times fewer phishing incidents. We show that providers have influence over patch levels--even higher in the stack, where CMSes can run as client-side software--and that this influence is tied to a substantial reduction in abuse levels.",
author = "Samaneh Tajalizadehkhoob and {Van Goethem}, Tom and Maciej Korczynski and Arman Noroozian and Rainer B{\"o}hme and Tyler Moore and Wouter Joosen and {van Eeten}, Michel",
note = "Accepted Author Manuscript",
year = "2017",
month = "11",
day = "3",
doi = "10.1145/3133956.3133971",
language = "English",
pages = "553--567",
booktitle = "Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

RIS

TY - GEN

T1 - Herding Vulnerable Cats

T2 - A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting

AU - Tajalizadehkhoob, Samaneh

AU - Van Goethem, Tom

AU - Korczynski, Maciej

AU - Noroozian, Arman

AU - Böhme, Rainer

AU - Moore, Tyler

AU - Joosen, Wouter

AU - van Eeten, Michel

N1 - Accepted Author Manuscript

PY - 2017/11/3

Y1 - 2017/11/3

N2 - Hosting providers play a key role in fighting web compromise, but their ability to prevent abuse is constrained by the security practices of their own customers. Shared hosting, offers a unique perspective since customers operate under restricted privileges and providers retain more control over configurations. We present the first empirical analysis of the distribution of web security features and software patching practices in shared hosting providers, the influence of providers on these security practices, and their impact on web compromise rates. We construct provider-level features on the global market for shared hosting -- containing 1,259 providers -- by gathering indicators from 442,684 domains. Exploratory factor analysis of 15 indicators identifies four main latent factors that capture security efforts: content security, webmaster security, web infrastructure security and web application security. We confirm, via a fixed-effect regression model, that providers exert significant influence over the latter two factors, which are both related to the software stack in their hosting environment. Finally, by means of GLM regression analysis of these factors on phishing and malware abuse, we show that the four security and software patching factors explain between 10% and 19% of the variance in abuse at providers, after controlling for size. For web-application security for instance, we found that when a provider moves from the bottom 10% to the best-performing 10%, it would experience 4 times fewer phishing incidents. We show that providers have influence over patch levels--even higher in the stack, where CMSes can run as client-side software--and that this influence is tied to a substantial reduction in abuse levels.

AB - Hosting providers play a key role in fighting web compromise, but their ability to prevent abuse is constrained by the security practices of their own customers. Shared hosting, offers a unique perspective since customers operate under restricted privileges and providers retain more control over configurations. We present the first empirical analysis of the distribution of web security features and software patching practices in shared hosting providers, the influence of providers on these security practices, and their impact on web compromise rates. We construct provider-level features on the global market for shared hosting -- containing 1,259 providers -- by gathering indicators from 442,684 domains. Exploratory factor analysis of 15 indicators identifies four main latent factors that capture security efforts: content security, webmaster security, web infrastructure security and web application security. We confirm, via a fixed-effect regression model, that providers exert significant influence over the latter two factors, which are both related to the software stack in their hosting environment. Finally, by means of GLM regression analysis of these factors on phishing and malware abuse, we show that the four security and software patching factors explain between 10% and 19% of the variance in abuse at providers, after controlling for size. For web-application security for instance, we found that when a provider moves from the bottom 10% to the best-performing 10%, it would experience 4 times fewer phishing incidents. We show that providers have influence over patch levels--even higher in the stack, where CMSes can run as client-side software--and that this influence is tied to a substantial reduction in abuse levels.

UR - http://resolver.tudelft.nl/uuid:4e3ed976-99e7-4e35-af5c-aed74c6eeac8

U2 - 10.1145/3133956.3133971

DO - 10.1145/3133956.3133971

M3 - Conference contribution

SP - 553

EP - 567

BT - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery (ACM)

ER -

ID: 43269694