QUANTIFYING AND PREDICTING USER REPUTATION IN A NETWORK SECURITY CONTEXT

Simple item page
dc.contributor.advisorCukier, Michelen_US
dc.contributor.authorGratian, Margaret Stephanieen_US
dc.contributor.departmentReliability Engineeringen_US
dc.contributor.publisherDigital Repository at the University of Marylanden_US
dc.contributor.publisherUniversity of Maryland (College Park, Md.)en_US
dc.date.accessioned2019-06-19T05:35:21Z
dc.date.available2019-06-19T05:35:21Z
dc.date.issued2019en_US
dc.description.abstractReputation has long been an important factor for establishing trust and evaluating the character of others. Though subjective by definition, it recently emerged in the field of cybersecurity as a metric to quantify and predict the nature of domain names, IP addresses, files, and more. Implicit in the use of reputation to enhance cybersecurity is the assumption that past behaviors and opinions of others provides insight into the expected future behavior of an entity, which can be used to proactively identify potential threats to cybersecurity. Despite the plethora of work in industry and academia on reputation in cyberspace, proposed methods are often presented as black boxes and lack scientific rigor, reproducibility, and validation. Moreover, despite widespread recognition that cybersecurity solutions must consider the human user, there is limited work focusing on user reputation in a security context. This dissertation presents a mathematical interpretation of user cyber reputation and a methodology for evaluating reputation in a network security context. A user’s cyber reputation is defined as the most likely probability the user demonstrates a specific characteristic on the network, based on evidence. The methodology for evaluating user reputation is presented in three phases: characteristic definition and evidence collection; reputation quantification and prediction; and reputation model validation and refinement. The methodology is illustrated through a case study on a large university network, where network traffic data is used as evidence to determine the likelihood a user becomes infected or remains uninfected on the network. A separate case study explores social media as an alternate source of data for evaluating user reputation. User-reported account compromise data is collected from Twitter and used to predict if a user will self-report compromise. This case study uncovers user cybersecurity experiences and victimization trends and emphasizes the feasibility of using social media to enhance understandings of users from a security perspective. Overall, this dissertation presents an exploration into the complicated space of cyber identity. As new threats to security, user privacy, and information integrity continue to manifest, the need for reputation systems and techniques to evaluate and validate online identities will continue to grow.en_US
dc.identifierhttps://doi.org/10.13016/ho8e-cz3a
dc.identifier.urihttp://hdl.handle.net/1903/21900
dc.language.isoenen_US
dc.subject.pqcontrolledComputer scienceen_US
dc.subject.pquncontrolledcybersecurityen_US
dc.subject.pquncontrolledhuman factorsen_US
dc.subject.pquncontrollednetwork securityen_US
dc.subject.pquncontrolledreputationen_US
dc.subject.pquncontrolleduser behavioren_US
dc.subject.pquncontrolledvictimologyen_US
dc.titleQUANTIFYING AND PREDICTING USER REPUTATION IN A NETWORK SECURITY CONTEXTen_US
dc.typeDissertationen_US

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
Gratian_umd_0117E_19749.pdf
Size:
14.95 MB
Format:
Adobe Portable Document Format
Download

Collections

UMD Theses and Dissertations
Mechanical Engineering Theses and Dissertations