2,629 research outputs found

    User-Behavior Based Detection of Infection Onset

    A major vector of computer infection is through exploiting software or design flaws in networked applications such as the browser. Malicious code can be fetched and executed on a victim’s machine without the user’s permission, as in drive-by download (DBD) attacks. In this paper, we describe a new tool called DeWare for detecting the onset of infection delivered through vulnerable applications. DeWare explores and enforces causal relationships between computer-related human behaviors and system properties, such as file-system access and process execution. Our tool can be used to provide real-time protection of a personal computer, as well as for diagnosing and evaluating untrusted websites for forensic purposes. Besides the concrete DBD detection solution, we also formally define causal relationships between user actions and system events on a host. Identifying and enforcing correct causal relationships have important applications in realizing advanced and secure operating systems. We perform extensive experimental evaluation, including a user study with 21 participants, thousands of legitimate websites (for testing false alarms), as well as 84 malicious websites in the wild. Our results show that DeWare is able to correctly distinguish legitimate download events from unauthorized system events with a low false positive rate (< 1%).

    A Framework for Identifying Malware Threat Distribution on the Dark Web

    The Dark Web is an ever-growing phenomenon that has not been deeply explored. It is no secret that in recent years, malware has become a powerful threat to technology users. The Dark Web is known for supporting anonymity and secure connections for private interactions. Over the years, it has become a rich environment for displaying trends, details, and indicators of emerging malware threats. Through the application of data science and open-source intelligence techniques, trends in malware distribution can be studied. In this research, we create a framework for helping identify malware threat distribution patterns. We examine this type of Dark Web activity by utilizing an automated and manual approach for collecting data on malware exchanges. Furthermore, a comparative analysis is conducted to determine which approach is more effective and efficient. Our framework for identifying current or future malware threats that are distributed on the Dark Web is refined by examining the weaknesses and strengths of each gathering approach.

    The Legal Status of Spyware

    This Article examines the legal status of Spyware under federal and common law in the United States of America. The Authors begin with a technical overview of Spyware technology, which covers Spyware's functionality, methods of dispersion, and classification. The Authors then analyze the treatment of Spyware under the Computer Fraud and Abuse Act, the Stored Communications Act, the Wiretap Act, and under general tort claims of trespass to chattels, invasion of privacy, and intrusion upon seclusion. The Authors conclude that none of the aforementioned causes of action provide an adequate remedy at law for Spyware victims. Moreover, the Authors note that even if an adequate cause of action were to exist, Spyware developers could avoid civil litigation by operating solely within Spyware-friendly jurisdictions. The Authors speculate that an appropriate solution would be for the legislature to require all Spyware programs to contain multi-click End User License Agreements. Not only would this approach protect consumers by enabling them to make informed decisions and creating an effective cause of action against Spyware distributors, it would also help the Spyware industry as a whole by legitimizing commercially viable Spyware programs.

    Deceptive Practices 2.0: Legal and Policy Responses

    Reviews recent online misinformation campaigns and "cyberfraud" to suppress voting and skew elections, mainly in minority communities. Examines whether federal and state laws can sufficiently deter and punish perpetrators. Makes policy recommendations.