110 likes | 216 Views
What is Network and Security Research?. Network and Security Research, or Information Communication Technology (ICT) Research involves: the collection, use and disclosure of information collected via networks or using hardware and software associated with information technology
E N D
What is Network and Security Research? Network and Security Research, or Information Communication Technology (ICT) Research involves: • the collection, use and disclosure of information collected via networks or using hardware and software associated with information technology • Examples include: • Phishing experiments • Botnets • Honeypots • Analysis of internet network traffic
Ethical Challenges in ICT Research ICT research differs from traditional human subjects research which poses new ethical challenges: • Interactions with humans are often indirect with intervening technology • It is often not feasible to obtain informed consent • Deception may be necessary • There are varying degrees of linkage between data and individuals’ identities for behaviors • Researchers can easily engage millions of “subjects” and billions of associated data “objects” simultaneously.
There is more to it than “data” Network Host Computer Application Data http://en.wikipedia.org/wiki/McCumber_cube Information and Information System
Case Studies of ICT Research • Studying Spamming Botnets Using Botlab • P2P as Botnet Command and Control: A Deeper Insight • DDoS Attacks Against South Korean and U.S. Government Sites • BBC: Experiments with Commercial Botnets • Lycos Europe “Make Love Not Spam” Campaign • University of Bonn: “Stormfucker” • Information Warfare Monitor: “Ghostnet” • Tipping Point: Kraken Botnet Takeover • Symbiot: “Active Defense” • Tracing Anonymous Packets to the Approximate Source • LxLabs Kloxo/HyperVM • Exploiting Open Functionality in SMS-Capable Networks • Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses • Black Ops 2008 -- Its The End Of The Cache As We Know It • How to Own the Internet in Your Spare Time • Botnet Design • RFID Hacking • WORM vs. WORM: preliminary study of an active counter-attack mechanism • A Pact with the Devil • Playing Devil's Advocate: Inferring Sensitive Data from Anonymized Network Traces • Protected Repository for the Defense of Infrastructure Against Cyber Attacks • Shining Light in Dark Places: Understanding the ToR Network • Learning More About the Underground Economy: A Case Study of Keyloggers and Dropzones • Your Botnet is My Botnet: Examination of a Botnet Takeover • Why and How to Perform Fraud Experiments • Measurement and Mitigation of Peer-to-Peer-Based Botnets: A Case Study on Storm Worm • Spamalytics: An Empirical Analysis of Spam Marketing Conversion • Likely to be considered Human Subjects • Research subject • to IRB review
A Bit of Context • Review boards lack expertise in this area of research • It is difficult for researcher or IRB to quantify risks • Distance1 between researcher and “subject” differs from traditional human subjects research: • As the “distance” between the researcher and subject decreases, we are more likely to define the research scenario as one that involves “human subjects.” • As the “distance” increases, we are more likely to define the research scenario as one that does not involve “human subjects”. • Concern about possible “human harming research” 1 Elizabeth Buchanan and Annette Markham
Social Network Honeypot Case Study [Discuss here] SOCIAL NETWORK HONEYPOT CASE STUDY
Case Study: Social Network Honeypots • Research Method • Deceptively “friend” millions of users • Follow all posts, identifying malware through “sandbox” analysis • Develop detection and filtering mechanisms • Involved Stakeholders • End users of social networks (i.e., victims) • Criminals • Social network platform providers • Law enforcement • Researchers
Case Study: Social Network Honeypots • Benefits • New detective, protective, and possibly investigative techniques • Publicity from novel, high-profile research • Risks of harm • Loss of user privacy (researcher obtaining personal communications and personally identifiable information) • Harm resulting from use of deception • Costs to provider to respond to complaints • Harming a criminal investigation • Violation of acceptable use policy
Case Study: Social Network Honeypots • Benefits • New detective, protective, and possibly investigative techniques • Publicity from novel, high-profile research • Risks of harm • Loss of user privacy (researcher obtaining personal communications and personally identifiable information) • Harm resulting from use of deception • Costs to provider to respond to complaints • Harming a criminal investigation • Violation of acceptable use policy
Case study: Questions THIS IS A TEST! In this case study: • Is there use of “personally identifiable data?” • Is there an expectation ofprivacy in communications? • Is use of deception necessary? • Does it make a difference that amillion users (as opposed to hundreds)are being deceived? • Are waivers of consent and/orof debriefing warranted? • Does it matter that researchers may impact law enforcement investigations, or other researchers’ data collection/experimentation?