In a unique collaboration, an engineer and a criminologist at the
University of Maryland, College Park, are applying criminological
concepts and research methods in the study of cyber-crime, leading to
recommendations for IT managers to use in the prevention of
cyber-attacks on their networks.
In one study that focused on the victims of cyber-attacks, the
researchers analyzed data made available by the university's Office of
Information Technology, which included instances of computer exploits,
illegal computer port scans and Denial of Service (DoS) attacks.
Applying criminological rationale proposed by the "Routine Activities
Perspective," Michel Cukier, associate professor of reliability
engineering at the A. James Clark School of Engineering and Institute
for Systems Research, and David Maimon, assistant professor of
criminology and criminal justice in the College of Behavioral and
Social Sciences, analyzed computer focused crime trends between the
years 2007-2009 against the university network.
According to this perspective, which is designed to understand
criminal victimization trends, successful criminal incidents are the
consequence of the convergence in space and time of motivated
offenders, suitable victims and the absence of capable guardians. The
researchers hypothesized that the campus would be more likely to be
cyber-attacked during business hours than during down times like after
midnight and on weekends. Their study of the campus data confirmed
their theories.
The research team is studying cyber-attacks from two different
angles - that of the user and that of the attacker. Both are members of
the Maryland Cybersecurity Center. Their work is thought to be one of
the first looks at the relationship between computer-network activity
patterns and computer-focused crime trends. "We believe that
criminological insights in the study of cyber-crime are important,
since they may support the development of concrete security policies
that consider not only the technical element of cyber-crime but also
the human component," Maimon said. "Our analysis demonstrates that
computer-focused crimes are more frequent during times of day that
computer users are using their networked computers to engage in their
daily working and studying routines.”
Cukier and Maimon said the results of their research point to the
following potential solutions, including increased education and
awareness of the risks associated with computer-assisted and
computer-focused crimes among network users could prevent future
attacks, and said further defense strategies should rely on predictions
regarding the sources of attacks, based on the network users' social
backgrounds and online routines.
"Users expose the network to attacks. Simply by browsing sites on
the Web, Internet users make their computers' IP addresses and ports
visible to possible attackers, so the users' behavior does reflect on
the entire organization's security," Cukier said. "The study shows that
the human aspect needs to be included in security studies, where humans
are already referred as the 'weakest link.'"
