Statistical Modeling Of Network Worm Attack And Data Breach

In the period of big data,cyber security has become one of the hottest topics.The network has convenient,fast,free and other advantages,coupled with the network interaction,beyond time and space and global popularity,the global network suffered lots of attacks every year,the loss caused by up to hundreds of billions of dollars.Therefore,some insurance companies began to carry out insurance business for cyber security,and how to model cyber risk has become a hot direction at the moment.This thesis mainly studies two parts of cyber risk.The first is about the statistical modeling of network worm propagation in cyberspace,and the second is the modeling and prediction of sparse data breach.Modeling the propagation dynamics of network worms in cyberspace is an important research problem,because models can deepen our understanding of dynamical cyber threats.Many studies have focused on modeling the micro-level interactions taking place on computer networks to derive the asymptotic behavior of the dynamics in the long run.An equally important research problem is to model the macro-level evolution of dynamical cyber threats when such data is available.These data-driven models are important because they describe the transient(in contrast to asymptotic)behavior of the dynamics.In our first project,we study the statistical model of the macro evolution of dynamic network attacks.Specifically,we propose a Bayesian structural time series approach(BSTS)for modeling the computer malware propagation dynamics in cyberspace.Our model not only possesses the parsimony property(i.e.,using few model parameters)but also can provide the predictive distribution of the dynamics by accommodating uncertainty.Our simulation study shows that the proposed model can fi t and predict the computer malware propagation dynamics accurately,without re quiring to know the information about the underlying attackdefense interaction mechanism and the underlying network topology.We use the model to study the propagation of two particular kinds of computer malware,namely the Conficker and Code Red worms,and show that our model has very satisfactory fitting and prediction accuracies.Data breach is a major cybersecurity problem that has caused huge financial losses and compromised many individuals' privacy(e.g.,social security numbers).This calls for deeper understanding about the data breach risk.Despite the substantial amount of attention that has been directed toward the issue,many fundamental problems are yet to be investigated.The second topic of our research is the modeling and prediction of enterprise-level(sparse)data breach risk.This problem is challenging because of the sparsity of breaches experienced by individual enterprises over time,which immediately disqualifies standard statistical models because there are not enough data to train such models.As a first step towards tackling the problem,we propose an innovative statistical framework to leverage the dependence between multiple time series.The framework can be characterized as follows:(i)It uses a two-part mixture structure to accommodate the excessively many zeros(i.e.,event sparsity);(ii)it uses the heavy-tail distribution to accommodate the often-observed extreme values;(iii)it uses covariates to accommodate the possible breach-size heterogeneity between the time series;and(iv)it uses the mixed Dvine copula structure to accommodate the temporal dependence of multivariate time series.In order to validate the framework,we apply it to a dataset of enterprise-level breach incidents.Experimental results show its effectiveness in modeling and predicting enterprise-level breach incidents.