Final Seminar of the Spring Google and UMD Cybersecurity Series

Talk Title: Network Security Economics: Identifying Choke Points and Understanding Incentives to Improve Online Security

Abstract:

With the rise of financially-motivated computer abuse, understanding economic incentives of both attackers and targets has become critical to strengthening online security. In this talk, I will advocate the need for an interdisciplinary research agenda, ranging from network measurements and analysis to game-theoretic modeling.

I will first show how empirical network measurements help better design intervention mechanisms against attackers. Using the online sale of unlicensed pharmaceutical drugs as a case study, I will describe how longitudinal, large-scale measurements and analysis reveal important structural properties of a priori complex criminal ecosystems. I will in particular demonstrate the existence of "choke points" both in traffic brokering and product supply, which should be prime targets for intervention.

In addition to disrupting attackers' operations, improving overall network security also requires that users strengthen their defenses -- but which incentives do they have to do so? I will introduce a game-theoretic model that we developed to describe how rational users respond to security threats in large-scale networks. I will use this model to show how network effects, specifically negative network externalities, strongly influence security decision making. I will conclude by outlining a roadmap for future security research combining measurements, mathematical modeling and behavioral aspects.

Bio:

Nicolas Christin is the Associate Director of the Information Networking Institute at Carnegie Mellon University, and a research faculty member (Senior Systems Scientist) in CyLab, Electrical and Computer Engineering, and Engineering and Public Policy. He holds a Diplôme d'Ingénieur from École Centrale Lille, and M.S. and Ph.D. degrees in Computer Science from the University of Virginia. After a postdoc in the School of Information at the University of California, Berkeley, he joined Carnegie Mellon in 2005. He served for three years as resident faculty at CMU CyLab Japan, before returning to Carnegie Mellon's main campus in 2008. His research interests are in computer and information systems networks; most of his work is at the boundary of systems and policy research, with a slant toward security aspects. He has most recently focused on online crime, security economics, and psychological aspects of computer security. He equally enjoys field measurements and mathematical modeling.

The event is free and open to the campus community and friends in industry, government and non-profit organizations. Registration is required.

Guests can register for Dr. Christin's talk here.

The Google and University of Maryland Cybersecurity Seminar Series is organized by the Maryland Cybersecurity Center, a multidisciplinary initiative at the University of Maryland advancing innovative research, education, and technology development in cybersecurity. The Google seminar series features diverse speakers from industry, academia, and government, addressing a broad range of topics related to cybersecurity, including technology, policy, and economics, placing special emphasis on "the human factor" of cybersecurity.