Online  Promiscuity  Prophylac3c  Patching  and  the  Spread  of  

Computer  Transmi:ed  Infec3ons  

Timothy  Kelley  and  L.  Jean  Camp  Indiana  University  Bloomington  

School  of  Informa3cs  and  Compu3ng  

The  first    author  acknowledges  VolkswagenS3Gung  for  a  travel  grant  to  a:end  WEIS  2012  in  Berlin.  

Research  Ques3ons  

•  How  can  exploratory  epidemiological  models  help  us  be:er  quan3fy  online  risk?  – How  can  we  use  exploratory  epidemiological  models  to  help  us  be:er  understand  the  risks  due  to  online  risk  takers?  

Mo3va3on  and  Related  Work  

Bailey,  M.,  Cooke,  E.,  Jahanian,  F.,  Watson,  D.,  &  Nazario,  J.  (2005).  The  Blaster  Worm:  Then  and  Now.  IEEE  Security  and  Privacy  Magazine,  3(4),  26-­‐31.  doi:10.1109/MSP.2005.106  

Moore,  T.,  &  Clayton,  R.  (2009).  Evil  searching:  Compromise  and  recompromise  of  internet  hosts  for  phishing.  Financial  Cryptography  and  Data  Security,  256-­‐272.  Barbados.  Retrieved  from  h:p://www.springerlink.com/index/0W78321162423252.pdf  

August,  T.,  &  Tunca,  T.  I.  (2008).  Let  the  Pirates  Patch?  An  Economic  Analysis  of  SoGware  Security  Patch  Restric3ons.  Informa>on  Systems  Research,  19(1),  48-­‐70.  doi:10.1287/isre.1070.0142  

Choi,  J.  P.,  Fershtman,  C.,  &  Gandal,  N.  (2007).  Network  Security:  Vulnerabili3es  and  Disclosure  Policy.  papers.ssrn.com.  Retrieved  from  h:p://ssrn.com/abstract=1133779  

Perra,  N.,  Balcan,  D.,  Gonçalves,  B.,  &  Vespignani,  A.  (2011).  Towards  a  characteriza3on  of  behavior-­‐disease  models.  PloS  one,  6(8),  e23084.  doi:10.1371/journal.pone.0023084  

Fung,  I.  C.-­‐H.,  An3a,  R.,  &  Handel,  A.  (2012).  How  to  Minimize  the  A:ack  Rate  during  Mul3ple  Influenza  Outbreaks  in  a  Heterogeneous  Popula3on.  PloS  one,  7(6),  e36573.  doi:10.1371/journal.pone.0036573  

Model  Crea3on  and  Methodology  

Methodology  

•  Varia3on  of  single  parameter  in  single  popula3on  group  

•  Varia3on  of  single  parameter  in  both  popula3on  groups  

•  Full  Uncertainty  and  Sensi3vity  Analysis  •  Model  Fimng  

Results  

Small  groups  of  risk  takers  represent  a  threat  to  the  risk  adverse  popula3on  

0 10 20 30 40 50 60 70 80 90 100-1

-0.8

-0.6

-0.4

-0.2

0

0.2

0.4

0.6

0.8

1

Time (Days)

PRCC

Partial Rank Correlation Coefficient of Each Parameter and Total Infectious Per Day All Parameters Varied

η

δ

βSµS

1

µP1

γ1βPµP

2

γ2

Effec3ve  contact  rates  and  recovery  rates  govern  whether  or  not  a  pandemic  occurs  

0 10 20 30 40 50 60 70 80 90 100-1

-0.8

-0.6

-0.4

-0.2

0

0.2

0.4

0.6

0.8

1

Time (Days)

PRCC

Partial Rank Correlation Coefficient of Each Parameter and Total Infectious Per Day Bifurcation Parameters Fixed

η

δ

γ1γ2

Cost  of  maintaining  risk  adverse  behavior  and  recovery  due  to  social  response  are  cri3cal  components  throughout  the  life3me  of  infec3on.   Ability  to  apply  security  measures  in  

response  to  threats  is  effec3ve  in  ini3al  stages,  but  not  long  term.  

Model  Fimng  •  Top  ten  spoofed  en33es  account  for  ~83%  of  observed  a:acks.  

•  Top  20  en33es  account  for  ~95%  of  observed  a:acks.  

•  System  can  be  roughly  approximated  by  looking  at  the  top  ranked  spoofed  en3ty.  

Discussion  

•  We  can  look  at  public  health  costs  due  to  reduc3on  of  coverage  

 Franzini,  L.,  Marks,  E.,  Cromwell,  P.  F.,  Risser,  J.,  McGill,  L.,  Markham,  C.,  Selwyn,  B.,  et  al.    (2004).  Projected  economic  costs  due  to  health  consequences  of  teenagers’  loss  of    confiden3ality  in  obtaining  reproduc3ve  health  care  services  in  Texas.  Archives  of  pediatrics    &  adolescent  medicine,  158(12),  1140-­‐6.  doi:10.1001/archpedi.158.12.1140  

•  Effec3veness  of  Risk  Communica3on    Spain,  J.  E.,  Peipert,  J.  F.,  Madden,  T.,  Allsworth,  J.  E.,  &  Secura,  G.  M.  (2010).  The    Contracep3ve  CHOICE  Project:  recrui3ng  women  at  highest  risk  for  unintended  pregnancy    and  sexually  transmi:ed  infec3on.  Journal  of  women’s  health,  19(12),  2233-­‐8.    doi:

10.1089/jwh.2010.2146  

Conclusions  •  A  small  risk-­‐taking  popula3on  poses  a  risk  to  the  risk  adverse  popula3on  

•  Ability  to  recover  to  a  risk  adverse  popula3on  either  through  social  response  or  individual  behavior  is  effec3ve  at  reducing  global  prevalence  of  malware  through  the  life3me  of  infec3on  

•  Ability  to  apply  security  measures  in  response  to  threats  is  effec3ve  in  ini3al  stages,  but  not  long  term.  

•  Reducing  the  effec3veness  in  users  ability  to  recover  to  the  risk  adverse  popula3on  increases  system  wide  costs.  

Real  World  Results  

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 11

1.5

2

2.5

Proportion of Population Uninfected at End of Epidemic

R 0 (Rep

rodu

ctio

n N

umbe

r - N

umbe

r of S

econ

dary

Infe

ctio

ns)

Basic Reproduction Numbers of Infection From Observed Data with Monitored Population Varied

Reproduction number in Argentina (~1.28)

Reproduction number in China (~1.55)

Reproduction number of Influenza (~2.0)

Ques3ons  and    Comments  

•  Thanks  to  Alessandro  Vespignani  for  advice  in  model  crea3on  

•  Thanks  to  Tyler  Moore  and  Richard  Clayton  for  use  of  their  data  set.  

•  Thanks  to  the  Volkswagen  Founda3on  for  travel  funding.