Search

Your search keyword '"Maochao Xu"' showing total 27 results
Start Over "Maochao Xu" Publication Year Range Last 10 years Database OpenAIRE
27 results on '"Maochao Xu"'

3. Multivariate dependence among cyber risks based on L-hop propagation

Author

Maochao Xu, Gaofeng Da, and Peng Zhao

Subjects
Statistics and Probability, Economics and Econometrics, Multivariate statistics, business.industry, Computer science, Association (object-oriented programming), Covariance, Measure (mathematics), Risk analysis (engineering), Component (UML), Statistics, Probability and Uncertainty, Hop (telecommunications), business, Risk management
Abstract

Dependence among cyber risks has been an essential and challenging component of risk management. The current study characterizes cyber dependence from both qualitative and quantitative perspectives based on L-hop propagation model. From the qualitative side, it is shown that cyber risks always possess positive association based on the proposed risk propagation model. From the quantitative side, an explicit formula for computing the fundamental dependence measure of covariance is provided for an arbitrary network. In particular, we study the impacts of factors—especially external and internal compromise probabilities, propagation depth, and network topologies—on dependence among cyber risks. We conclude by presenting some examples and applications.

Published
2021

4. Data Breach CAT Bonds: Modeling and Pricing

Author

Maochao Xu and Yiying Zhang

Subjects
Statistics and Probability, Economics and Econometrics, Actuarial science, education, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Data breach, behavioral disciplines and activities, humanities, Catastrophe bond, Work (electrical), Business, Statistics, Probability and Uncertainty, Extreme risk, Insurance industry, health care economics and organizations
Abstract

Data breaches cause millions of dollars in financial losses each year. The insurance industry has been exploring the ways to transfer such extreme risk. In this work, we investigate data breach cat...

Published
2021

5. Statistical modeling of computer malware propagation dynamics in cyberspace

Author

Peng Zhao, Taizhong Hu, Xing Fang, Shouhuai Xu, Zijian Fang, and Maochao Xu

Subjects
Statistics and Probability, Software_OPERATINGSYSTEMS, 021103 operations research, Computer science, 0211 other engineering and technologies, Statistical model, 02 engineering and technology, Articles, computer.software_genre, Computer security, 01 natural sciences, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 010104 statistics & probability, Important research, Dynamics (music), Malware, 0101 mathematics, Statistics, Probability and Uncertainty, Cyberspace, computer, Cyber threats, Computer Science::Cryptography and Security
Abstract

Modeling cyber threats, such as the computer malicious software (malware) propagation dynamics in cyberspace, is an important research problem because models can deepen our understanding of dynamical cyber threats. In this paper, we study the statistical modeling of the macro-level evolution of dynamical cyber attacks. Specifically, we propose a Bayesian structural time series approach for modeling the computer malware propagation dynamics in cyberspace. Our model not only possesses the parsimony property (i.e. using few model parameters) but also can provide the predictive distribution of the dynamics by accommodating uncertainty. Our simulation study shows that the proposed model can fit and predict the computer malware propagation dynamics accurately, without requiring to know the information about the underlying attack-defense interaction mechanism and the underlying network topology. We use the model to study the propagation of two particular kinds of computer malware, namely the Conficker and Code Red worms, and show that our model has very satisfactory fitting and prediction accuracies.

Published
2022

6. Modeling Malicious Hacking Data Breach Risks

Author

Hong Sun, Maochao Xu, and Peng Zhao

Subjects
Statistics and Probability, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Economics and Econometrics, Cyber-Insurance, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Business, Data breach, Statistics, Probability and Uncertainty, Computer security, computer.software_genre, computer, Hacker
Abstract

Malicious hacking data breaches cause millions of dollars in financial losses each year, and more companies are seeking cyber insurance coverage. The lack of suitable statistical approaches for sco...

Published
2020

7. Modeling Network Systems Under Simultaneous Cyber-Attacks

Author

Gaofeng Da, Maochao Xu, and Peng Zhao

Subjects
021103 operations research, Computer science, Reliability (computer networking), Compromise, media_common.quotation_subject, Distributed computing, 0211 other engineering and technologies, Markov process, 02 engineering and technology, Upper and lower bounds, symbols.namesake, Related research, symbols, State (computer science), Electrical and Electronic Engineering, Safety, Risk, Reliability and Quality, media_common
Abstract

Modeling cyber-attacks is a very attractive area of research because of its practical importance. However, most of the related research in the literature does not consider the simultaneous (or coordinated) attacks, which, in fact, is an important attack instrument in practice. This is mainly because of the complicated evolution of cyber-attacks over networks. In this paper, we propose a novel model, which can accommodate different types of simultaneous attacks with possible heterogeneous compromise probabilities. Our results show that simultaneous attacks have a significant effect on the reliability/dynamics of network systems. In particular, we present a sufficient condition for the epidemics dying out over the network, and upper bounds for the time to extinction. We also provide upper bounds for compromise probabilities of network systems when the evolution enters the quasi-equilibrium state. The effects of strength of simultaneous attacks and heterogeneity among successful attack probabilities on epidemic spreading are studied as well. The theoretical results are further validated by the simulation evidence.

Published
2019

8. Cybersecurity Insurance: Modeling and Pricing

Author

Lei Hua and Maochao Xu

Subjects
Statistics and Probability, 010104 statistics & probability, Economics and Econometrics, 0103 physical sciences, Business, 0101 mathematics, Statistics, Probability and Uncertainty, 010306 general physics, Computer security, computer.software_genre, 01 natural sciences, computer
Abstract

Cybersecurity risk has attracted considerable attention in recent decades. However, the modeling of cybersecurity risk is still in its infancy, mainly because of its unique characteristics. In this...

Published
2019

10. Modeling and Predicting Cyber Hacking Breaches

Author

Kristin M. Schweitzer, Shouhuai Xu, Raymond M. Bateman, and Maochao Xu

Subjects
021110 strategic, defence & security studies, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Order (exchange), 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Safety, Risk, Reliability and Quality, Set (psychology), computer, Hacker
Abstract

Analyzing cyber incident data sets is an important method for deepening our understanding of the evolution of the threat situation. This is a relatively new research topic, and many studies remain to be done. In this paper, we report a statistical analysis of a breach incident data set corresponding to 12 years (2005–2017) of cyber hacking activities that include malware attacks. We show that, in contrast to the findings reported in the literature, both hacking breach incident inter-arrival times and breach sizes should be modeled by stochastic processes, rather than by distributions because they exhibit autocorrelations. Then, we propose particular stochastic process models to, respectively, fit the inter-arrival times and the breach sizes. We also show that these models can predict the inter-arrival times and the breach sizes. In order to get deeper insights into the evolution of hacking breach incidents, we conduct both qualitative and quantitative trend analyses on the data set. We draw a set of cybersecurity insights, including that the threat of cyber hacks is indeed getting worse in terms of their frequency, but not in terms of the magnitude of their damage.

Published
2018

11. Modeling Multivariate Cyber Risks: Deep Learning Dating Extreme Value Theory

Author

Maochao Xu, Xing Fang, Mingyue Zhang Wu, Jinzhu Luo, and Peng Zhao

Subjects
FOS: Computer and information sciences, Statistics and Probability, Multivariate statistics, Computer science, 0211 other engineering and technologies, Machine Learning (stat.ML), 02 engineering and technology, Machine learning, computer.software_genre, 01 natural sciences, Statistics - Applications, Domain (software engineering), Task (project management), 010104 statistics & probability, Statistics - Machine Learning, Applications (stat.AP), 0101 mathematics, Extreme value theory, ComputingMilieux_MISCELLANEOUS, 021103 operations research, business.industry, Deep learning, Articles, Heavy-tailed distribution, Artificial intelligence, Statistics, Probability and Uncertainty, High dimensionality, business, computer
Abstract

Modeling cyber risks has been an important but challenging task in the domain of cyber security. It is mainly because of the high dimensionality and heavy tails of risk patterns. Those obstacles have hindered the development of statistical modeling of the multivariate cyber risks. In this work, we propose a novel approach for modeling the multivariate cyber risks which relies on the deep learning and extreme value theory. The proposed model not only enjoys the high accurate point predictions via deep learning but also can provide the satisfactory high quantile prediction via extreme value theory. The simulation study shows that the proposed model can model the multivariate cyber risks very well and provide satisfactory prediction performances. The empirical evidence based on real honeypot attack data also shows that the proposed model has very satisfactory prediction performances., 25 pages

Published
2021

12. Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study

Author

Van Trieu-Do, Richard Garcia-Lebron, Yusheng Feng, Maochao Xu, and Shouhuai Xu

Subjects
Technology, Honeypot, causality, Computer science, Computer security, computer.software_genre, cyber attack forecasting, Domain (software engineering), Causality (physics), cyber attack rate, granger causality, Granger causality, Order (exchange), Cyber-attack, Relevance (information retrieval), Time series, time series, computer
Abstract

Causality is an intriguing concept that once tamed, can have many applications. While having been widely investigated in other domains, its relevance and usefulness in the cybersecurity domain has received little attention. In this paper, we present a systematic investigation of a particular approach to causality, known as Granger causality (G-causality), in cybersecurity. We propose a framework, dubbed Cybersecurity Granger Causality (CGC), for characterizing the presence of G-causality in cyber attack rate time series and for leveraging G-causality to predict (i.e., forecast) cyber attack rates. The framework offers a range of research questions, which can be adopted or adapted to study G-causality in other kinds of cybersecurity time series data. In order to demonstrate the usefulness of CGC, we present a case study by applying it to a particular cyber attack dataset collected at a honeypot. From this case study, we draw a number of insights into the usefulness and limitations of G-causality in the cybersecurity domain.

Published
2020

13. An efficient algorithm for computing the signatures of systems with exchangeable components and applications

Author

Gaofeng Da, Maochao Xu, and Ping Shing Chan

Subjects
010104 statistics & probability, 021103 operations research, Computer engineering, Computer science, Efficient algorithm, 0211 other engineering and technologies, 02 engineering and technology, 0101 mathematics, 01 natural sciences, Shock model, Industrial and Manufacturing Engineering, Signature (logic), Reliability (statistics)
Abstract

Computing the system signature is an attractive but challenging problem in system reliability. In this article, we propose a novel algorithm to compute the signature of a system with exchangeable c...

Published
2018

14. On the signature of complex system: A decomposed approach

Author

Ping Shing Chan, Gaofeng Da, and Maochao Xu

Subjects
Structure (mathematical logic), 021103 operations research, Information Systems and Management, General Computer Science, Computer science, Computation, Distributed computing, 0211 other engineering and technologies, Complex system, 02 engineering and technology, Management Science and Operations Research, 01 natural sciences, Industrial and Manufacturing Engineering, Signature (logic), 010104 statistics & probability, Modeling and Simulation, 0101 mathematics, Architecture
Abstract

The computation of the signature of a complex system is often challenging, as it may involve a large number of components and a complex architecture. In this study, we propose a novel approach to computing the signature of a system consisting of subsystems with shared components. The proposed approach relies on a new concept called decomposed survival signatures. This new concept can be efficiently used to compute the signature of a modular system with an arbitrary organizing structure and to provide explicit formulas for computation. Applications in cyber systems, transportation systems, and branched oil pipeline systems are highlighted.

Published
2018

15. Modeling multivariate cybersecurity risks

Author

Shouhuai Xu, Chen Peng, Maochao Xu, and Taizhong Hu

Subjects
Statistics and Probability, 021110 strategic, defence & security studies, Multivariate statistics, Computer science, Autoregressive conditional heteroskedasticity, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Vine copula, 010104 statistics & probability, 0101 mathematics, Statistics, Probability and Uncertainty, computer, Value at risk
Abstract

Modeling cybersecurity risks is an important, yet challenging, problem. In this paper, we initiate the study of modeling multivariate cybersecurity risks. We develop the first statistical a...

Published
2018

16. Defending a cyber system with early warning mechanism

Author

Weidong Shi, Die Chen, and Maochao Xu

Subjects
021110 strategic, defence & security studies, Engineering, 021103 operations research, Warning system, Network defense, business.industry, Mechanism (biology), Reliability (computer networking), 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Industrial and Manufacturing Engineering, Component (UML), Key (cryptography), Resource allocation, Safety, Risk, Reliability and Quality, business, computer
Abstract

Due to the increasing reliance on networks, defending a cyber system is of vital importance. In this paper, we consider an important mechanism of early warning for defending a cyber system that has become a key component of constructing network defense in practice. We study the reliability of a system under attack from single or multiple sources. In particular, we discuss the effect of an early warning mechanism on the system reliability. We then propose the optimal strategy for defending a cyber system with early warning components in the worst attack scenario. The theoretical results are further validated by simulation evidence.

Published
2018

17. Ensuring confidentiality and availability of sensitive data over a network system under cyber threats

Author

Gaofeng Da, Peng Zhao, Xiaoyu Zhang, and Maochao Xu

Subjects
Flexibility (engineering), 021110 strategic, defence & security studies, 021103 operations research, Computer science, 0211 other engineering and technologies, Pareto principle, 02 engineering and technology, Data breach, Computer security, computer.software_genre, Network topology, Partition (database), Industrial and Manufacturing Engineering, Scalability, Confidentiality, Safety, Risk, Reliability and Quality, computer, Cyber threats
Abstract

The online storage of sensitive data enjoys many benefits such as flexibility, cost-savings, scalability, and convenience but it also poses a big concern on the data confidentiality and availability. To ensure the confidentiality and availability of sensitive data over a network system, the data partition technique is often employed. We study the optimal data partition strategy over an arbitrary network under cyber threats. Both the outside attack and the risk propagation (i.e., inside attack) are considered for the data partition. The data breach probability and retrieve probability are discussed under both limited and unlimited risk propagation for various scenarios. It is discovered that the risk propagation can have much more impact on the optimal partition strategy than that of outside attacks, and the unlimited risk propagation leads to more severer cyber risk. The network topology significantly impacts the partition strategy which hints that the network topology should never be overlooked in practice. The corruption due to compromise can lead to different partition strategies. An optimal partition model is developed for determining the optimal strategy and the pareto non-dominated solutions are recommended for practical use.

Published
2021

18. Cyber attacks on PMU placement in a smart grid: Characterization and optimization

Author

Maochao Xu, Weiyong Ding, Yu Huang, Fengyi Song, and Peng Zhao

Subjects
021110 strategic, defence & security studies, 021103 operations research, Computer science, Reliability (computer networking), 0211 other engineering and technologies, Phasor, 02 engineering and technology, Computer security, computer.software_genre, Unobservable, Industrial and Manufacturing Engineering, Electric power system, Units of measurement, Smart grid, Observability, State (computer science), Safety, Risk, Reliability and Quality, computer
Abstract

Phasor measurement units (PMUs) have been integrated into the smart grid for monitoring the operational state of system and improving the reliability. Due to the high cost of PMU installment, the optimal placement strategies have attracted considerable attention in the literature. However, the impacts of cyber threats on the placement have been largely ignored owing to the cyber complexities. This paper initializes the study on the optimal PMU placement in a smart grid under the cyber threats. A probabilistic model is developed for assessing the unobservable risk of the power grid. We characterize the impacts of several cyber factors on the PMU placements including the number of directly attacked PMUs, the dependence among attack outcomes, and risk propagation. We further study the impacts of cyber attacks on the allocation strategies under a bi-level placement model. In particular, a novel ‘greedy’ algorithm for PMU placement is introduced with the presence of cyber risks. Our studies show that the cyber risk can significantly increase the unobservability risk of a power system which in turn requires additional PMU allocations, and the dependence among cyber attacks can lead to more unobservable risk.

Published
2021

19. A Vine Copula Model for Predicting the Effectiveness of Cyber Defense Early-Warning

Author

Lei Hua, Shouhuai Xu, and Maochao Xu

Subjects
Statistics and Probability, Value (ethics), Structure (mathematical logic), 021110 strategic, defence & security studies, Warning system, Computer science, Mechanism (biology), Applied Mathematics, 0211 other engineering and technologies, 02 engineering and technology, computer.software_genre, 01 natural sciences, Measure (mathematics), Vine copula, 010104 statistics & probability, Cyber defense, Risk analysis (engineering), Modeling and Simulation, Information system, Data mining, 0101 mathematics, computer
Abstract

Internet-based computer information systems play critical roles in many aspects of modern society. However, these systems are constantly under cyber attacks that can cause catastrophic consequences. To defend these systems effectively, it is necessary to measure and predict the effectiveness of cyber defense mechanisms. In this article, we investigate how to measure and predict the effectiveness of an important cyber defense mechanism that is known as early-warning. This turns out to be a challenging problem because we must accommodate the dependence among certain four-dimensional time series. In the course of using a dataset to demonstrate the prediction methodology, we discovered a new nonexchangeable and rotationally symmetric dependence structure, which may be of independent value. We propose a new vine copula model to accommodate the newly discovered dependence structure, and show that the new model can predict the effectiveness of early-warning more accurately than the others. We also discus...

Published
2017

20. Multiple cyber attacks against a target with observation errors and dependent outcomes: Characterization and optimization

Author

Shouhuai Xu, Maochao Xu, Xiaoxiao Hu, and Peng Zhao

Subjects
021110 strategic, defence & security studies, Engineering, 021103 operations research, business.industry, Compromise, media_common.quotation_subject, 0211 other engineering and technologies, Novelty, Monotonic function, 02 engineering and technology, Computer security, computer.software_genre, Industrial and Manufacturing Engineering, Copula (probability theory), Pre-play attack, Safety, Risk, Reliability and Quality, business, computer, Random variable, media_common
Abstract

In this paper we investigate a cybersecurity model: An attacker can launch multiple attacks against a target with a termination strategy that says that the attacker will stop after observing a number of successful attacks or when the attacker is out of attack resources. However, the attacker's observation of the attack outcomes (i.e., random variables indicating whether the target is compromised or not) has an observation error that is specified by both a false-negative and a false-positive probability. The novelty of the model we study is the accommodation of the dependence between the attack outcomes, because the dependence was assumed away in the literature. In this model, we characterize the monotonicity and bounds of the compromise probability (i.e., the probability that the target is compromised). In addition to extensively showing the impact of dependence on quantities such as compromise probability and attack cost, we give methods for finding the optimal strategy that leads to maximum compromise probability or minimum attack cost. This study highlights that the dependence between random variables cannot be assumed away, because the results will be misleading.

Published
2017

21. Modeling and predicting extreme cyber attack rates via marked point processes

Author

Shouhuai Xu, Chen Peng, Taizhong Hu, and Maochao Xu

Subjects
Statistics and Probability, 021110 strategic, defence & security studies, National security, Computer science, business.industry, Unit of time, Perspective (graphical), 0211 other engineering and technologies, Complex system, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Point process, 0202 electrical engineering, electronic engineering, information engineering, Cyber-attack, The Internet, Data mining, Statistics, Probability and Uncertainty, Extreme value theory, business, computer
Abstract

Cyber attacks have become a problem that is threatening the economy, human privacy, and even national security. Before we can adequately address the problem, we need to have a crystal clear understanding about cyber attacks from various perspectives. This is a challenge because the Internet is a large-scale complex system with humans in the loop. In this paper, we investigate a particular perspective of the problem, namely the extreme value phenomenon that is exhibited by cyber attack rates, which are the numbers of attacks against a system of interest per time unit. It is important to explore this perspective because understanding the statistical properties of extreme cyber attack rates will pave the way for cost-effective, if not optimal, allocation of resources in real-life cyber defense operations. Specifically, we propose modeling and predicting extreme cyber attack rates via marked point processes, while using the Value-at-Risk as a natural measure of intense cyber attacks. The point process...

Published
2016

22. A deep learning framework for predicting cyber attacks rates

Author

Maochao Xu, Shouhuai Xu, Peng Zhao, and Xing Fang

Subjects
GARCH, lcsh:Computer engineering. Computer hardware, Computer science, 0211 other engineering and technologies, Weather forecasting, lcsh:TK7885-7895, 02 engineering and technology, ARIMA, Machine learning, computer.software_genre, RNN, lcsh:QA75.5-76.95, Empirical research, 0202 electrical engineering, electronic engineering, information engineering, Cyber threats, 021110 strategic, defence & security studies, business.industry, Deep learning, 020206 networking & telecommunications, Hybrid models, Computer Science Applications, Recurrent neural network, Signal Processing, Cyber-attack, lcsh:Electronic computers. Computer science, Artificial intelligence, LSTM, business, computer
Abstract

Like how useful weather forecasting is, the capability of forecasting or predicting cyber threats can never be overestimated. Previous investigations show that cyber attack data exhibits interesting phenomena, such as long-range dependence and high nonlinearity, which impose a particular challenge on modeling and predicting cyber attack rates. Deviating from the statistical approach that is utilized in the literature, in this paper we develop a deep learning framework by utilizing the bi-directional recurrent neural networks with long short-term memory, dubbed BRNN-LSTM. Empirical study shows that BRNN-LSTM achieves a significantly higher prediction accuracy when compared with the statistical approach.

Published
2019

23. ON THE QUASI-STATIONARY DISTRIBUTION OF SIS MODELS

Author

Gaofeng Da, Shouhuai Xu, and Maochao Xu

Subjects
Statistics and Probability, 010104 statistics & probability, Stationary distribution, Computer science, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 02 engineering and technology, Statistical physics, 0101 mathematics, Management Science and Operations Research, Statistics, Probability and Uncertainty, 01 natural sciences, Industrial and Manufacturing Engineering
Abstract

In this paper, we propose a novel method for constructing upper bounds of the quasi-stationary distribution of SIS processes. Using this method, we obtain an upper bound that is better than the state-of-the-art upper bound. Moreover, we prove that the fixed point map Φ [7] actually preserves the equilibrium reversed hazard rate order under a certain condition. This allows us to further improve the upper bound. Some numerical results are presented to illustrate the results.

Published
2016

24. Discrete Truncated Power‐Law Distributions

Author

Maochao Xu, Hong Zhu, and Yingchao Xie

Subjects
Statistics and Probability, Mathematical optimization, Monte Carlo method, Order statistic, Sample (statistics), 010103 numerical & computational mathematics, 01 natural sciences, Power law, Upper and lower bounds, 010104 statistics & probability, symbols.namesake, Heavy-tailed distribution, symbols, Pareto distribution, Statistical physics, 0101 mathematics, Statistics, Probability and Uncertainty, Intensity (heat transfer), Mathematics
Abstract

Summary Discrete power-law distributions have significant consequences for understanding many phenomena in practice, and have attracted much attention in recent decades. However, in many practical applications, there exists a natural upper bound for the probability tail. In this paper, we develop maximum likelihood estimates for truncated discrete power-law distributions based on the upper order statistics, and large sample properties are mentioned as well. Monte Carlo simulation is carried out to examine the finite sample performance of the estimates. Applications in real cyber attack data and peak gamma-ray intensity of solar flares are highlighted.

Published
2016

25. Cyber risks of PMU networks with observation errors: Assessment and mitigation

Author

Maochao Xu, Peng Zhao, Weiyong Ding, and Yu Huang

Subjects
Risk model, Smart grid, business.industry, Computer science, Observability, Power grid, Safety, Risk, Reliability and Quality, business, Risk assessment, Industrial and Manufacturing Engineering, Risk management, Cyber threats, Reliability engineering
Abstract

The PMU network has been utilized to monitor the system operation of a smart grid in recent decades. This brings a significant cyber risk for the power grid as the attacker can manipulate the PMU network to introduce the false positive and false negative observation errors. A novel risk model is proposed for the PMU networks by considering the observation errors. It is discovered that ignoring the due observation errors can severely underestimate the PMU risks as shown by the theoretical and simulation studies. The risk mitigation strategies for improving the safety levels of PMUs with the observation errors are studied. It is found that the optimal mitigation strategy can be different when the observation errors are present. Numerical examples are presented for illustrations as well.

Published
2020

26. Predicting Cyber Attack Rates with Extreme Values

Author

Maochao Xu, Zhenxin Zhan, and Shouhuai Xu

Subjects
FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Computer science, computer.software_genre, Statistics - Applications, Data modeling, Cyber-attack, Applications (stat.AP), Data mining, Time series, Safety, Risk, Reliability and Quality, Extreme value theory, Hidden Markov model, computer, Cryptography and Security (cs.CR)
Abstract

It is important to understand to what extent, and in what perspectives, cyber attacks can be predicted. Despite its evident importance, this problem was not investigated until very recently, when we proposed using the innovative methodology of {\em gray-box prediction}. This methodology advocates the use of gray-box models, which accommodate the statistical properties/phenomena exhibited by the data. Specifically, we showed that gray-box models that accommodate the Long-Range Dependence (LRD) phenomenon can predict the attack rate (i.e., the number of attacks per unit time) 1-hour ahead-of-time with an accuracy of 70.2-82.1\%. To the best of our knowledge, this is the first result showing the feasibility of prediction in this domain. We observe that the prediction errors are partly caused by the models' incapability in predicting the large attack rates, which are called {\em extreme values} in statistics. This motivates us to analyze the {\em extreme-value phenomenon}, by using two complementary approaches: the Extreme Value Theory (EVT) and the Time Series Theory (TST). In this paper, we show that EVT can offer long-term predictions (e.g., 24-hour ahead-of-time), while gray-box TST models can predict attack rates 1-hour ahead-of-time with an accuracy of 86.0-87.9\%. We explore connections between the two approaches, and point out future research directions. Although our prediction study is based on specific cyber attack data, our methodology can be equally applied to analyze any cyber attack data of its kind.

Published
2016

27. A Characterization of Cybersecurity Posture from Network Telescope Data

Author

Shouhuai Xu, Maochao Xu, and Zhenxin Zhan

Subjects
Series (mathematics), Computer science, Stochastic process, Network telescope, Darknet, Astrophysics::Instrumentation and Methods for Astrophysics, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 020206 networking & telecommunications, 02 engineering and technology, Characterization (mathematics), Computer security, computer.software_genre, law.invention, Telescope, law, 020204 information systems, ComputingMethodologies_SYMBOLICANDALGEBRAICMANIPULATION, 0202 electrical engineering, electronic engineering, information engineering, Time series, computer, Random variable, Computer Science::Cryptography and Security
Abstract

Data-driven understanding of cybersecurity posture is an important problem that has not been adequately explored. In this paper, we analyze some real data collected by CAIDA's network telescope during the month of March 2013. We propose to formalize the concept of cybersecurity posture from the perspectives of three kinds of time series: the number of victims i.e., telescope IP addresses that are attacked, the number of attackers that are observed by the telescope, and the number of attacks that are observed by the telescope. Characterizing cybersecurity posture therefore becomes investigating the phenomena and statistical properties exhibited by these time series, and explaining their cybersecurity meanings. For example, we propose the concept of sweep-time, and show that sweep-time should be modeled by stochastic process, rather than random variable. We report that the number of attackers and attacks from a certain country dominates the total number of attackers and attacks that are observed by the telescope. We also show that substantially smaller network telescopes might not be as useful as a large telescope.

Published
2015

Catalog

Books, media, physical & digital resources
See catalog results