Skip to main content
SpringerLink
Log in

An Empirical Analysis of Risk Aversion in Malware Infections

  • Conference paper
  • First Online:
Risks and Security of Internet and Systems (CRiSIS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10694))

Included in the following conference series:

  • 1044 Accesses

Abstract

We present in this paper the results from a field study we conducted over a 4-month period. The experience aimed at evaluating the impact of the technological and human factors on the risk of getting infected by malware.

In this article, we applied the economic concept of risk aversion in order to study the behaviour of users towards the risk of malware infection. Our results show that younger users and men in particular, with a higher level of expertise in computer science are more susceptible to open multiple web accounts and install more software from the Internet. Furthermore, the increase in the level of expertise in computer science, creates in men a negative attitude towards alert messages of antivirus; while in women, the opposite happens.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ovelgönne, M., Dumitras, T., Prakash, B.A., et al.: Understanding the relationship between human behavior and susceptibility to cyber attacks: a data-driven approach. ACM Trans. Intell. Syst. Technol. (TIST) 8(4), 51 (2017)

    Google Scholar 

  2. Ion, I., Reeder, R., Consolvo, S.: No one Can Hack My Mind: comparing expert and non-expert security practices. In: SOUPS, pp. 327–346 (2015)

    Google Scholar 

  3. De Luca, A., Das, S., Ortlieb, M., et al.: Expert and non-expert attitudes towards (secure) instant messaging. In: Symposium on Usable Privacy and Security (SOUPS) 2016

    Google Scholar 

  4. Lalonde Lévesque, F., Nsiempba, J., Fernandez, J.M., et al.: A clinical study of risk factors related to malware infections. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 97–108. ACM (2013)

    Google Scholar 

  5. Lalonde Lévesque, F., Davis, C.R., Fernandez, J.M., Chiasson, S., Somayaji, A.: Methodology for a field study of anti-malware software. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 80–85. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34638-5_7

    Chapter  Google Scholar 

  6. Yen, T., Heorhladi, V., Oprea, A., et al.: An epidemiological study of malware encounters in a large enterprise. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1117–1130. ACM (2014)

    Google Scholar 

  7. Carlinet, Y., Me, L., Debar, H., et al.: Analysis of computer infection risk factors based on customer network usage. In: Second International Conference on Emerging Security Information, Systems and Technologies, 2008, SECURWARE 2008, pp. 317–325. IEEE (2008)

    Google Scholar 

  8. Canali, D., Bilge, L., Balzarotti, D.: On the effectiveness of risk prediction based on users browsing behavior. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 171–182. ACM (2014)

    Google Scholar 

  9. Bossler, A.M., Holt, T.J.: On-line activities, guardianship, and malware infection: an examination of routine activities theory. Int. J. Cyber Criminol. 3(1), 400 (2009)

    Google Scholar 

  10. Ngo, F.T., Paternoster, R.: Cybercrime victimization: an examination of individual and situational level factors. Int. J. Cyber Criminol. 5(1), 773 (2011)

    Google Scholar 

  11. Lévesque, F.L., Fernandez, J.M., Batchelder, D.: Age and gender as independent risk factors for malware victimisation. In: Proceedings of the 31th International British Human Computer Interaction Conference. ACM, Sunderland, UK (2017)

    Google Scholar 

  12. Oliveira, D., Rocha, H., Yang, H., et al.: Dissecting spear phishing emails for older vs young adults: on the interplay of weapons of influence and life domains in predicting susceptibility to phishing. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 6412–6424. ACM (2017)

    Google Scholar 

  13. Grimes, G.A., Hough, M.G., Signorella, M.L.: Email end users and spam: relations of gender and age group to attitudes and actions. Comput. Hum. Behav. 23(1), 318–332 (2007)

    Article  Google Scholar 

  14. Sheng, S., Holbrook, M., Kumaraguru, P., et al.: Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 373–382. ACM (2010)

    Google Scholar 

  15. Luhmann, N:. Confiance et familiarité. Réseaux (4), 15–35 (2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. École Polytechnique de Montréal, Montréal, QC, Canada

    Jude Jacob Nsiempba, Fanny Lalonde Lévesque, Nathalie de Marcellis-Warin & José M. Fernandez

Authors
  1. Jude Jacob Nsiempba
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fanny Lalonde Lévesque
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nathalie de Marcellis-Warin
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. José M. Fernandez
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jude Jacob Nsiempba .

Editor information

Editors and Affiliations

  1. IMT Atlantique, Cesson Sévigné, France

    Nora Cuppens

  2. IMT Atlantique, Cesson Sévigné, France

    Frédéric Cuppens

  3. LHS Rennes, Rennes, France

    Jean-Louis Lanet

  4. Inria, Rennes, France

    Axel Legay

  5. Télécom SudParis, Evry Cedex, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Nsiempba, J.J., Lévesque, F.L., de Marcellis-Warin, N., Fernandez, J.M. (2018). An Empirical Analysis of Risk Aversion in Malware Infections. In: Cuppens, N., Cuppens, F., Lanet, JL., Legay, A., Garcia-Alfaro, J. (eds) Risks and Security of Internet and Systems. CRiSIS 2017. Lecture Notes in Computer Science(), vol 10694. Springer, Cham. https://doi.org/10.1007/978-3-319-76687-4_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-76687-4_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-76686-7

  • Online ISBN: 978-3-319-76687-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation