Achieving computer security requires both rigorous empirical measurement and models to understand cybersecurity phenomena and the effectiveness of defenses and interventions. To address the growing scale of cyber-insecurity, my approach to protecting users employs principled and rigorous measurements and models. In this dissertation, I examine four cybersecurity phenomena. I show that data-driven and abstract modeling can reveal surprising conclusions about longterm, persistent problems, like spam and malware, and growing threats like data-breaches and cyber conflict. I present two data-driven statistical models and two abstract models. Both of the data-driven models show that the presence of heavy-tailed distributions can make naive a...
Given the significance policymakers place on cybersecurity, how effective has a decade of policy int...
Spam, the distribution of unsolicited bulk email, is a big security threat on the Internet. Recent s...
A successful large-scale cyberterrorism attack has never been conducted against the United States, y...
Achieving computer security requires both rigorous empirical measurement and models to understand cy...
Networks have an increasing influence on our modern life, making Cybersecurity an important field of...
Cyber-attacks targeting individuals and enterprises have become a predominant part of the computer/i...
Spam is an increasing menace in email: 90% of email is spam, and over 90% of spam is sent by botnets...
Moderate and measured takes on cyber security threats are swamped by the recent flood of research an...
Cyber systems are ubiquitous in all aspects of society. At the same time, breaches to cyber systems ...
A new influence model for Cyber Security is presented that deals with security attacks and implement...
Much of computer security research today engages a hypothetical adversary: one whose aims and method...
In recent years, malware authors drastically changed their course on the subject of threat design an...
The rise in popularity of online services such as social networks,web-based emails, and blogs has ma...
Modeling the occurrence of computer security incidents within a defined population of computers can ...
Even though there has been a rapid increase in state cybercapacity over the last two decades, resear...
Given the significance policymakers place on cybersecurity, how effective has a decade of policy int...
Spam, the distribution of unsolicited bulk email, is a big security threat on the Internet. Recent s...
A successful large-scale cyberterrorism attack has never been conducted against the United States, y...
Achieving computer security requires both rigorous empirical measurement and models to understand cy...
Networks have an increasing influence on our modern life, making Cybersecurity an important field of...
Cyber-attacks targeting individuals and enterprises have become a predominant part of the computer/i...
Spam is an increasing menace in email: 90% of email is spam, and over 90% of spam is sent by botnets...
Moderate and measured takes on cyber security threats are swamped by the recent flood of research an...
Cyber systems are ubiquitous in all aspects of society. At the same time, breaches to cyber systems ...
A new influence model for Cyber Security is presented that deals with security attacks and implement...
Much of computer security research today engages a hypothetical adversary: one whose aims and method...
In recent years, malware authors drastically changed their course on the subject of threat design an...
The rise in popularity of online services such as social networks,web-based emails, and blogs has ma...
Modeling the occurrence of computer security incidents within a defined population of computers can ...
Even though there has been a rapid increase in state cybercapacity over the last two decades, resear...
Given the significance policymakers place on cybersecurity, how effective has a decade of policy int...
Spam, the distribution of unsolicited bulk email, is a big security threat on the Internet. Recent s...
A successful large-scale cyberterrorism attack has never been conducted against the United States, y...