2024-08-07 –, Siena
Often when folks think of security research, they think of reverse engineering, tracking threat actors, or pentesting. While these are valid, there’s one side of security research that is often forgotten or misunderstood – Internet Measurement. In order to improve the world, we need to quantify it first, and that’s where Internet Measurement comes into play.
In this talk, I’ll use my 8 years of hands-on experience to dive deep into the world of Internet Measurement and show attendees why we should care MORE about Internet Measurement as a security research tool. To start, I’ll discuss the details of three very different measurement projects: evaluating attacker behavior in a niche market, quantifying Internet Ephemerality, and improving vulnerability notifications. I’ll clarify the questions we were trying to answer, how we thought about our measurements, and the impact the outcomes had. Most importantly, I’ll hypothesize what we would have missed had the work NOT happened.
By discussing these three disparate projects, I hope attendees will walk away understanding what Internet Measurement is, why it’s so useful in the world of security, and how security practitioners can apply these lessons to their own environments.
This talk is a bit of a “highlights reel” of my favorite past and current projects and is motivated by trying to evangelize Internet Measurement more broadly in the security community. I gave this talk internally at Censys and it was super well received by technical and non-technical audiences alike, so much so that I submitted it to Vancouver, where I’ll be presenting it in late May. My hope is to take any feedback from Vancouver, apply it to this talk, and give it to a wider audience at BsidesLV in August.
I’ll start by sharing a high level overview of what Internet measurement is, sprinkled with some funny anecdotes about what people have told me Internet Measurement is (e.g. a prospective grad student who said “You just count things?”. Yes. My whole job is counting things.). In this overview, I’ll lay out the three projects I am hoping to touch on briefly – hiring russian hackers for hire, measuring the ephemerality of the Internet, and improving vulnerability notifications – and discuss 1) what is the overarching question(s) that we were trying to answer 2) why they mattered and 3) what the underlying measurements were to answer those questions. I’ll then spend about 5 minutes on each giving highlights of the outcomes of the measurement techniques, and wrap up by showing how executing measurements allowed us to answer our original questions and impact users positively. I’ll end with a question asking the audience how they might be able to use measurement to answer their interesting security questions, and invite folks to come find me to brainstorm.
Ariana Mirian currently works as a senior security researcher at Censys, where she uses Internet Measurement to answer interesting security questions. Prior to Censys, she received her PhD from UCSD, where her thesis focused on answering the question: how can we use large scale measurement and analysis to better prioritize security processes? When not geeking out about Internet Measurement and security, Ariana is also an avid aerialist and birder.