User compliance and remediation success after IoT malware notifications
Journal of Cybersecurity, Pub Date: 2021-07-15, DOI: 10.1093/cybsec/tyab015
Elsa Rodríguez 1, Susanne Verstegen 1, Arman Noroozian 1, Daisuke Inoue 2, Takahiro Kasama 2, Michel van Eeten 1, Carlos H Gañán 1

Internet Service Providers (ISPs) are getting involved in remediating Internet of Things (IoT) infections of end users. This endeavor runs into serious usability problems. Given that it is usually unknown what kind of device is infected, they can only provide users with very generic cleanup advice, trying to cover all device types and remediation paths. Does this advice work? To what extent do users comply with the instructions? And does more compliance lead to higher cleanup rates? This study is the first to shed light on these questions. In partnership with an ISP, we designed a randomized control experiment followed up by a user survey. We randomly assigned 177 consumers affected by malware from the Mirai family to three different groups: (i) notified via a walled garden (quarantine network), (ii) notified via email, and (iii) no immediate notification, i.e. a control group. The notification asks the user to take five steps to remediate the infection. We conducted a phone survey with 95 of these customers based on communication–human information processing theory. We model the impact of the treatment, comprehension, and motivation on the compliance rate of each customer, while controlling for differences in demographics and infected device types. We also estimate the extent to which compliance leads to successful cleanup of the infected IoT devices. While only 24% of notified users perform all five remediation steps, 92% of notified users perform at least one action. Compliance increases the probability of successful cleanup by 32%, while the presence of competing malware reduces it by 54%. We provide an empirical basis to shape ISP best practices in the fight against IoT malware.

Updated: 2021-07-15