1,720,994 research outputs found
Hate Raids on Twitch: Echoes of the Past, New Modalities, and Implications for Platform Governance
No full textn the summer of 2021, users on the livestreaming platform Twitch were targeted by a wave of "hate raids," a form of attack that overwhelms a streamer's chatroom with hateful messages, often through the use of bots and automation. Using a mixed-methods approach, we combine a quantitative measurement of attacks across the platform with interviews of streamers and third-party bot developers. We present evidence that confirms that some hate raids were highly-targeted, hate-driven attacks, but we also observe another mode of hate raid similar to networked harassment and specific forms of subcultural trolling. We show that the streamers who self-identify as LGBTQ+ and/or Black were disproportionately targeted and that hate raid messages were most commonly rooted in anti-Black racism and antisemitism. We also document how these attacks elicited rapid community responses in both bolstering reactive moderation and developing proactive mitigations for future attacks. We conclude by discussing how platforms can better prepare for attacks and protect at-risk communities while considering the division of labor between community moderators, tool-builders, and platforms
Fast Internet-Wide Scanning: A New Security Perspective
Full text linkTechniques like passive observation and random sampling let researchers understand many aspects of Internet day-to-day operation, yet these methodologies often focus on popular services or a small demographic of users, rather than providing a comprehensive view of the devices and services that constitute the Internet. As the diversity of devices and the role they play in critical infrastructure increases, so does understanding the dynamics of and securing these hosts. This dissertation shows how fast Internet-wide scanning provides a near-global perspective of edge hosts that enables researchers to uncover security weaknesses that only emerge at scale.
First, I show that it is possible to efficiently scan the IPv4 address space. ZMap: a network scanner specifically architected for large-scale research studies can survey the entire IPv4 address space from a single machine in under an hour at 97% of the theoretical maximum speed of gigabit Ethernet with an estimated 98% coverage of publicly available hosts. Building on ZMap, I introduce Censys, a public service that maintains up-to-date and legacy snapshots of the hosts and services running across the public IPv4 address space. Censys enables researchers to efficiently ask a range of security questions.
Next, I present four case studies that highlight how Internet-wide scanning can identify new classes of weaknesses that only emerge at scale, uncover unexpected attacks, shed light on previously opaque distributed systems on the Internet, and understand the impact of consequential vulnerabilities. Finally, I explore how in- creased contention over IPv4 addresses introduces new challenges for performing large-scale empirical studies. I conclude with suggested directions that the re- search community needs to consider to retain the degree of visibility that Internet-wide scanning currently provides.PhDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/138660/1/zakir_1.pd
A principled approach to measuring the IoT ecosystem
Full text linkInternet of Things (IoT) devices combine network connectivity, cheap hardware, and actuation to provide new ways to interface with the world. In spite of this growth, little work has been done to measure the network properties of IoT devices. Such measurements can help to inform systems designers and security researchers of IoT networking behavior in practice to guide future research.
Unfortunately, properly measuring the IoT ecosystem is not trivial. Devices may have different capabilities and behaviors, which require both active measurements and passive observation to quantify. Furthermore, the IoT devices that are connected to the public Internet may vary from those connected inside home networks, requiring both an external and internal vantage point to draw measurements from. In this thesis, we demonstrate how IoT measurements drawn from a single vantage point or mesaurement technique lead to a biased view of the network services in the IoT ecosystem. To do this, we conduct several real-world IoT measurements, drawn from both inside and outside home networks using active and passive monitoring.
First, we leverage active scanning and passive observation in understanding the Mirai botnet---chiefly, we report on the devices it infected, the command and control infrastructure behind the botnet, and how the malware evolved over time. We then conduct active measurements from inside 16M home networks spanning 83M devices from 11~geographic regions to survey the IoT devices installed around the world. We demonstrate how these measurements can uncover the device types that are most at risk and the vendors who manufacture the weakest devices. We compare our measurements with passive external observation by detecting compromised scanning behavior from smart homes. We find that while passive external observation can drive insight about compromised networks, it offers little by way of concrete device attribution. We next compare our results from active external scanning with active internal scanning and show how relying solely on external scanning for IoT measurements under-reports security important IoT protocols, potentially skewing the services investigated by the security community. Finally, we conduct passive measurements of 275~smart home networks to investigate IoT behavior. We find that IoT device behavior varies by type and devices regularly communicate over a myriad of bespoke ports, in many cases to speak standard protocols (e.g., HTTP). Finally, we observe that devices regularly offer active services (e.g., Telnet, rpcbind) that are rarely, if ever, used in actual communication, demonstrating the need for both active and passive measurements to properly compare device capabilities and behaviors.
Our results highlight the need for a confluence of measurement perspectives to comprehensively understand IoT ecosystem. We conclude with recommendations for future measurements of IoT devices as well as directions for the systems and security community informed by our work.Submission original under an indefinite embargo labeled 'Open Access'. The submission was exported from vireo on 2020-10-02 without embargo termsThe student, Deepak Kumar, accepted the attached license on 2020-07-15 at 11:03.The student, Deepak Kumar, submitted this Dissertation for approval on 2020-07-15 at 11:08.This Dissertation was approved for publication on 2020-07-15 at 14:36.DSpace SAF Submission Ingestion Package generated from Vireo submission #15633 on 2020-10-02 at 15:13:53Made available in DSpace on 2020-10-07T20:59:54Z (GMT). No. of bitstreams: 2
KUMAR-DISSERTATION-2020.pdf: 1296099 bytes, checksum: 4e9158e761c921119e44fa276a3d8474 (MD5)
LICENSE.txt: 4209 bytes, checksum: 446a80a2e70051880024d27e8deb79ef (MD5)
Previous issue date: 2020-07-1
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
Variations on the Author
Full text link“Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer that rather than express opinions propels discourses; an interviewer that is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent form the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship
Appropriate Similarity Measures for Author Cocitation Analysis
Full text linkWe provide a number of new insights into the methodological discussion about author cocitation analysis. We first argue that the use of the Pearson correlation for measuring the similarity between authors’ cocitation profiles is not very satisfactory. We then discuss what kind of similarity measures may be used as an alternative to the Pearson correlation. We consider three similarity measures in particular. One is the well-known cosine. The other two similarity measures have not been used before in the bibliometric literature. Finally, we show by means of an example that our findings have a high practical relevance.information science;Pearson correlation;cosine;similarity measure;author cocitation analysis
Understanding the trust relationships of the web PKI
Full text linkTLS and the applications it secures (e.g., email, online banking, social media) rely on the web PKI to provide authentication. Without strong authentication guarantees, a capable attacker can impersonate trusted network entities and undermine both data integrity and confidentiality. At its core, the web PKI succeeds as a global authentication system because of the scalability afforded by trust. Instead of requiring every network entity to directly authenticate every other network entity, network entities trust certification authorities (CAs) to perform authentication on their behalf.
Prior work has extensively studied the TLS protocol and CA authentication of network entities (i.e., certificate issuance), but few have examined even the most foundational aspect of trust management and understood which CAs are trusted by which TLS user agents, and why. One major reason for this disparity is the opacity of trust management in two regards: difficult data access and poor specifications. It is relatively easy to acquire and test popular TLS client/server software and issued certificates. On the other hand, tracking trust policies/deployments and evaluating CA operations is less straightforward, but just as important for securing the web PKI.
This dissertation is one of the first attempts to overcome trust management opacity. By observing new measurement perspectives and developing novel fingerprinting techniques, we discover the CAs that operate trust anchors, the default trust anchors that popular TLS user agents rely on, and a general class of injected trust anchors: TLS interceptors. This research not only facilitates new ecosystem visibility, it also provides an empirical grounding for trust management specification and evaluation. Furthermore, our findings point to many instances of questionable, and sometimes broken, security practices such as improperly identified CAs, inadvertent and overly permissive trust, and trivially exploitable injected trust. We argue that most of these issues stem from inadequate transparency, and that explicit mechanisms for linking trust anchors and root stores to their origins would help remedy these problems.Submission original under an indefinite embargo labeled 'Open Access'. The submission was exported from vireo on 2022-01-12 without embargo termsThe student, Zane Ma, accepted the attached license on 2021-07-09 at 16:06.The student, Zane Ma, submitted this Dissertation for approval on 2021-07-09 at 16:09.This Dissertation was approved for publication on 2021-07-11 at 19:16.DSpace SAF Submission Ingestion Package generated from Vireo submission #16838 on 2022-01-12 at 12:44:45Made available in DSpace on 2022-01-12T21:45:32Z (GMT). No. of bitstreams: 2
MA-DISSERTATION-2021.pdf: 2956603 bytes, checksum: 887f894fa640acb741a7e46f4e78abb3 (MD5)
LICENSE.txt: 4204 bytes, checksum: ec290215b94f22d2f8d6d670bf2c5033 (MD5)
Previous issue date: 2021-07-1
Dispelling the Myths Behind First-author Citation Counts
Full text linkWe conducted a full-scale evaluative citation analysis study of scholars in the XML research field to explore just how different from each other author rankings resulting from different citation counting methods actually are, and to demonstrate the capability of emerging data and tools on the Web in supporting more realistic citation counting methods. Our results contest some common arguments for the continued
use of first-author citation counts in the evaluation of scholars, such as high correlations between author rankings by first-author citation counts and other citation
counting methods, and high costs of using more realistic citation counting methods that are not well-supported by the ISI databases. It is argued that increasingly available digital full text research papers make it possible for citation analysis studies to go beyond what the ISI databases have directly supported and to employ more
sophisticated methods
- …
