Contagion in cyber security attacks

Adrian Baldwin, Iffat Gheyas, Christos Ioannidis, David Pym, Julian Williams

Research output: Contribution to journal › Article

2 Citations (Scopus)

Abstract

Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated 'Chief Information Security Officer' to coordinate the operational aspects of the organization's information security. Part of this role is in planning investment responses to information security threats against the firm's corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm's information system over the period January 2003 - February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

Language: English
Pages: 780-791
Number of pages: 12
Journal: Journal of the Operational Research Society
Volume: 68
Issue number: 7
Early online date: 21 Dec 2017
DOIs: https://doi.org/10.1057/jors.2016.37
Publication status: Published - 2017
Externally published: Yes

Fingerprint

Security of data
Security systems
Information systems
Managers
Servers
Planning
Information security
Attack
Contagion
Threat
Industry

Cite this

Baldwin, Adrian ; Gheyas, Iffat ; Ioannidis, Christos ; Pym, David ; Williams, Julian. / Contagion in cyber security attacks. In: Journal of the Operational Research Society. 2017 ; Vol. 68, No. 7. pp. 780-791.
@article{34b761614965401eb3e4162bee63844a,
title = "Contagion in cyber security attacks",
abstract = "Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated 'Chief Information Security Officer' to coordinate the operational aspects of the organization's information security. Part of this role is in planning investment responses to information security threats against the firm's corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm's information system over the period January 2003 - February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.",
keywords = "contagion, Hawkes process, Jumps, Self- and mutually exciting processes",
author = "Adrian Baldwin and Iffat Gheyas and Christos Ioannidis and David Pym and Julian Williams",
year = "2017",
doi = "10.1057/jors.2016.37",
language = "English",
volume = "68",
pages = "780--791",
journal = "Journal of the Operational Research Society",
issn = "0160-5682",
publisher = "Palgrave Macmillan Ltd.",
number = "7",

}

Baldwin, A, Gheyas, I, Ioannidis, C, Pym, D & Williams, J 2017, 'Contagion in cyber security attacks', Journal of the Operational Research Society, vol. 68, no. 7, pp. 780-791. https://doi.org/10.1057/jors.2016.37

Contagion in cyber security attacks. / Baldwin, Adrian; Gheyas, Iffat; Ioannidis, Christos; Pym, David; Williams, Julian.

In: Journal of the Operational Research Society, Vol. 68, No. 7, 2017, p. 780-791.

TY - JOUR
T1 - Contagion in cyber security attacks
AU - Baldwin, Adrian
AU - Gheyas, Iffat
AU - Ioannidis, Christos
AU - Pym, David
AU - Williams, Julian
PY - 2017
Y1 - 2017

N2 - Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated 'Chief Information Security Officer' to coordinate the operational aspects of the organization's information security. Part of this role is in planning investment responses to information security threats against the firm's corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm's information system over the period January 2003 - February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

AB - Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated 'Chief Information Security Officer' to coordinate the operational aspects of the organization's information security. Part of this role is in planning investment responses to information security threats against the firm's corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm's information system over the period January 2003 - February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

KW - contagion
KW - Hawkes process
KW - Jumps
KW - Self- and mutually exciting processes
UR - http://www.scopus.com/inward/record.url?scp=85014678139&partnerID=8YFLogxK
U2 - 10.1057/jors.2016.37
DO - 10.1057/jors.2016.37
M3 - Article
VL - 68
SP - 780
EP - 791
JO - Journal of the Operational Research Society
T2 - Journal of the Operational Research Society
JF - Journal of the Operational Research Society
SN - 0160-5682
IS - 7
ER -