It’s 7:15 am on a Friday morning, and Jordan wants to download an application to their laptop. They know the app by name, or so they think; they open a new tab in their Internet browser and mistype the app’s name. The error brings them to a malicious website that looks like a legitimate site, only it isn’t, causing Jordan to download an app containing malware. Jordan’s computer is now infected with malware.
Jordan is a real person, although their name isn’t really Jordan. They were a participant in a new study by CyLab researchers that aimed to learn what ‘normal’ Internet browsing looks like. Such datasets didn’t previously exist, but now that one does, researchers can better understand how people like “Jordan” are led to download malicious content and come up with ways to prevent that from happening again.
Their study, titled “How Do Home Computer Users Browse the Web?” was published in the latest issue of ACM Transactions on the Web.
“The goal for this paper was to be a foundation that other researchers could use,” says CyLab’s Kyle Crichton, a Ph.D. student in Engineering and Public Policy and the study’s lead author. “Now that we know what normal behavior looks like, we can start to identify anomalous behavior and begin to address any number of security challenges.”
The goal for this paper was to be a foundation that other researchers could use.Kyle Crichton, Ph.D. student, Engineering and Public Policy
To create their dataset, the authors of the study observed the browsing behavior of 257 willing participants through the Security Behavior Observatory (SBO), a group of participants consenting to have their daily computing behaviors observed. One might think consenting to being monitored may lead one to act a bit different than they normally would, but Crichton says he doesn’t believe that happened here.
“In general, there was a substantial number of visits to potentially pirated streaming websites, pornographic websites, and gambling websites,” Crichton says. “Therefore, we assume that they were generally behaving as they normally do.”
So what does “normal” browsing look like? Lots of browser tab usage—some use just a few and some use a ton—and most time is spent on the top 1% of websites.
“People spend most of their time on a small number of websites,” says Crichton. “Fifty percent of people’s browsing time is spent on roughly 30 websites, among millions of websites.”
Fifty percent of people’s browsing time is spent on roughly 30 websites.Kyle Crichton, Ph.D. student, Engineering and Public Policy
Occasionally, Crichton says, people end up at what he refers to as “the periphery” of the Internet—relatively low traffic websites that are commonly associated with riskier content. These sites are often adware, gambling, pornography, and potentially illegal streaming websites.
“We observed a lot of people who started out at a popular streaming service like Netflix or Hulu, and they must not have found what they wanted, then they'd jump out to the periphery,” Crichton says.
While the study may serve as a foundation for other researchers to use, it’ll do so only until people’s browsing behavior evolves enough to necessitate recording a new baseline, which Crichton says is inevitable.
“When Google came out in the late 90s, people’s way of finding content quickly changed,” he says. “People’s browsing behavior shifted again when tabbed browsing was introduced in the mid-2000s. It’s these gamechangers that are introduced, and things rapidly evolve.”