Ask WINE: Are We Safer Today? Evaluating Operating System Security Through Big Data Analysis

TitleAsk WINE: Are We Safer Today? Evaluating Operating System Security Through Big Data Analysis
Publication TypeConference Papers
Year of Publication2012
AuthorsDumitras T, Efstathopoulos P
Conference NameLEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Date Published2012/04/24/
PublisherUSENIX Association
Abstract

The Internet can be a dangerous place: 800,000 new malware variants are detected each day, and this number is growing at an exponential rate--driven by the quest for economic gains. However, over the past ten years operating-system vendors have introduced a number of security technologies that aim to make exploits harder and to reduce the attack surface of the platform. Faced with these two conflicting trends, it is difficult for end-users to determine what techniques make them safer from Internet attacks. In this position paper, we argue that to answer this question conclusively we must analyze field data collected on real hosts that are targeted by attacks--e.g., the approximately 50 million records of anti-virus telemetry available through Symantec's WINE platform. Such studies can characterize the factors that drive the production of malware, can help us understand the impact of security technologies in the real world and can suggest new security metrics, derived from field observations rather than small lab experiments, indicating how susceptible to attacks a computing platform may be.

URLhttp://dl.acm.org/citation.cfm?id=2228340.2228356