A Multivariate Model to Quantify and Mitigate Cybersecurity Risk

The cost of cybersecurity incidents is large and growing. However, conventional methods for measuring loss and choosing mitigation strategies use simplifying assumptions and are often not supported by cyber attack data. In this paper, we present a multivariate model for different, dependent types of attack and the effect of mitigation strategies on those attacks. Utilising collected cyber attack data and assumptions on mitigation approaches, we look at an example of using the model to optimise the choice of mitigations. We find that the optimal choice of mitigations will depend on the goal—to prevent extreme damages or damage on average. Numerical experiments suggest the dependence aspect is important and can alter final risk estimates by as much as 30%. The methodology can be used to quantify the cost of cyber attacks and support decision making on the choice of optimal mitigation strategies.

Download Full-text

Impacted Cyber Attacks Assessment in Wide Range of Big Data Security Systems

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.c1125.1083s19 ◽

2019 ◽

Vol 8 (3S) ◽

pp. 625-629

Keyword(s):

Big Data ◽

Cyber Security ◽

Cyber Attacks ◽

Cyber Attack ◽

Security Systems ◽

Computing Systems ◽

Wide Range ◽

Software Platforms ◽

The Cost ◽

And Storage

The technological advancements in image storage, data processing, and signal analysis of Big Data include (a) the fastly degrade the cost of storage and CPU power in recent arena; the flexibility and cost-effectiveness of data operating platforms and cloud computing systems for flexible computation and storage; and (c) the development of new frameworks , which allow users to take advantage of these divided computing systems storing large amount of data which is almost flexible parallel processing. The proposed survey work focused on discussing the various impacted cyber-attack critics available in industry and the trending algorithms available for cyber security etc. Big data in IoT clouds handling and software platforms which allow the malware enter into the working systems are analyzed, reliable methods to avoid the miscellaneous malwares are clearly depicted here.

Download Full-text

Predicting Cyber-Events by Leveraging Hacker Sentiment

Information ◽

10.3390/info9110280 ◽

2018 ◽

Vol 9 (11) ◽

pp. 280 ◽

Cited By ~ 7

Author(s):

Ashok Deb ◽

Kristina Lerman ◽

Emilio Ferrara

Keyword(s):

Sentiment Analysis ◽

Predictive Power ◽

Cyber Attacks ◽

Cyber Attack ◽

Business Organizations ◽

High Profile ◽

Malicious Activity ◽

Novel Approach ◽

Community Behavior ◽

Attack Data

Recent high-profile cyber-attacks exemplify why organizations need better cyber-defenses. Cyber-threats are hard to accurately predict because attackers usually try to mask their traces. However, they often discuss exploits and techniques on hacking forums. The community behavior of the hackers may provide insights into the groups’ collective malicious activity. We propose a novel approach to predict cyber-events using sentiment analysis. We test our approach using cyber-attack data from two major business organizations. We consider three types of events: malicious software installation, malicious-destination visits, and malicious emails that surmounted the target organizations’ defenses. We construct predictive signals by applying sentiment analysis to hacker forum posts to better understand hacker behavior. We analyze over 400 K posts written between January 2016 and January 2018 on over 100 hacking forums both on the surface and dark web. We find that some forums have significantly more predictive power than others. Sentiment-based models that leverage specific forums can complement state-of-the-art time-series models on forecasting cyber-attacks weeks ahead of the events.

Download Full-text

Cyber Attacks and Cyber Security in Underwater Communication

Energy-Efficient Underwater Wireless Communications and Networking - Advances in Environmental Engineering and Green Technologies ◽

10.4018/978-1-7998-3640-7.ch012 ◽

2021 ◽

pp. 187-193

Author(s):

Sachin Umrao

Keyword(s):

Risk Analysis ◽

Cyber Security ◽

Data Transfer ◽

Cyber Attacks ◽

Underwater Communication ◽

Cyber Attack ◽

Recent Past ◽

The World ◽

The Cost

This chapter is structured around the concepts of risk analysis due to underwater deployment of the cables for data transfer. Most of the organizations have deployed their networks below the water for shortening the distances between peers and also to reduce the physical destruction cost of cables. Furthermore, some organizations like Google kept their servers below the water because it reduced the cost of getting it cool, which in turn increases the efficiency. However, security consultants around the world in recent past expressed their considerations that a cyber-attack on these servers or cables might result in miserable economic collision. This might be overstated but there are infrequent situations in which cable breakage could be riotous. Although organizations cannot rule the threat of attacks on these apparatuses, there are fewer check measures that could reduce the possible attack chances in underwater communication.

Download Full-text

Insights into Organizational Security Readiness: Lessons Learned from Cyber-Attack Case Studies

Journal of Cybersecurity and Privacy ◽

10.3390/jcp1040032 ◽

2021 ◽

Vol 1 (4) ◽

pp. 638-659

Author(s):

Faisal Quader ◽

Vandana P. Janeja

Keyword(s):

Case Studies ◽

Comprehensive Evaluation ◽

Cyber Attacks ◽

Lessons Learned ◽

Mitigation Strategies ◽

Cyber Attack ◽

Cyber Threats ◽

Weakest Link ◽

Behavioral Aspects ◽

The Impact

This paper focuses on understanding the characteristics of multiple types of cyber-attacks through a comprehensive evaluation of case studies of real-world cyber-attacks. For each type of attack, we identify and link the attack type to the characteristics of that attack and the factors leading up to the attack, as observed from the review of case studies for that type of attack. We explored both the quantitative and qualitative characteristics for the types of attacks, including the type of industry, the financial intensity of the attack, non-financial intensity impacts, the number of impacted customers, and the impact on users’ trust and loyalty. In addition, we investigated the key factors leading up to an attack, including the human behavioral aspects; the organizational–cultural factors at play; the security policies adapted; the technology adoption and investment by the business; the training and awareness of all stakeholders, including users, customers and employees; and the investments in cybersecurity. In our study, we also analyzed how these factors are related to each other by evaluating the co-occurrence and linkage of factors to form graphs of connected frequent rules seen across the case studies. This study aims to help organizations take a proactive approach to the study of relevant cyber threats and aims to educate organizations to become more knowledgeable through lessons learned from other organizations experiencing cyber-attacks. Our findings indicate that the human behavioral aspects leading up to attacks are the weakest link in the successful prevention of cyber threats. We focus on human factors and discuss mitigation strategies.

Download Full-text

The invisible hole of information on SMB's cybersecurity

Online Journal of Applied Knowledge Management ◽

10.36965/ojakm.2019.7(1)14-26 ◽

2019 ◽

Vol 7 (1) ◽

pp. 14-26

Author(s):

Ruti Gafni ◽

Tal Pavel

Keyword(s):

Mass Communication ◽

Cyber Attacks ◽

Communication Media ◽

Specific Information ◽

Exploratory Research ◽

Cyber Attack ◽

Public Attention ◽

Cyber Threats ◽

Accessible Information ◽

Types Of Information

Small and Medium Businesses (SMB) use Internet and computer-based tools in their daily processes, sometimes without being aware to the cyber threats, or without knowing how to be prepared in case of a cyber-attack, although they are a major target for cyber-attacks. Specific information about cybersecurity needed by SMBs, in order to cope with cyber threats, is not always available or easily accessible. In this study, a vast search of different types of information about SMBs’ cybersecurity was performed, in order to find whether a hole of accessible information exists in this area. This exploratory research covered general mass communication media channels, technological and professional cybersecurity websites, and academic journals, and found that indeed very few studies, articles and news items were published in this matter. Leveraging knowledge and awareness, diminishing the shame for reporting cyber-attacks, and increasing mass communication media interest and public attention, may be activities to cover this “invisible hole”.

Download Full-text

An Adaptive Optimization Method Based on Learning Rate Schedule for Neural Networks

Applied Sciences ◽

10.3390/app11020850 ◽

2021 ◽

Vol 11 (2) ◽

pp. 850

Author(s):

Dokkyun Yi ◽

Sangmin Ji ◽

Jieun Park

Keyword(s):

Artificial Intelligence ◽

Cost Function ◽

Numerical Experiments ◽

Global Minimum ◽

Optimization Method ◽

Learning Method ◽

Adaptive Optimization ◽

The Cost ◽

Proof Of Convergence ◽

Learning Data

Artificial intelligence (AI) is achieved by optimizing the cost function constructed from learning data. Changing the parameters in the cost function is an AI learning process (or AI learning for convenience). If AI learning is well performed, then the value of the cost function is the global minimum. In order to obtain the well-learned AI learning, the parameter should be no change in the value of the cost function at the global minimum. One useful optimization method is the momentum method; however, the momentum method has difficulty stopping the parameter when the value of the cost function satisfies the global minimum (non-stop problem). The proposed method is based on the momentum method. In order to solve the non-stop problem of the momentum method, we use the value of the cost function to our method. Therefore, as the learning method processes, the mechanism in our method reduces the amount of change in the parameter by the effect of the value of the cost function. We verified the method through proof of convergence and numerical experiments with existing methods to ensure that the learning works well.

Download Full-text

A Determinant Elimination Method for Bottleneck Assignment and Generalized Assignment Problems

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.239-240.1522 ◽

2012 ◽

Vol 239-240 ◽

pp. 1522-1527

Author(s):

Wen Bo Wu ◽

Yu Fu Jia ◽

Hong Xing Sun

Keyword(s):

Computational Complexity ◽

Optimization Algorithm ◽

Assignment Problem ◽

Numerical Experiments ◽

High Efficiency ◽

Synthesis Method ◽

Assignment Problems ◽

Generalized Assignment ◽

The Cost ◽

Time And Space Complexity

The bottleneck assignment (BA) and the generalized assignment (GA) problems and their exact solutions are explored in this paper. Firstly, a determinant elimination (DE) method is proposed based on the discussion of the time and space complexity of the enumeration method for both BA and GA problems. The optimization algorithm to the pre-assignment problem is then discussed and the adjusting and transformation to the cost matrix is adopted to reduce the computational complexity of the DE method. Finally, a synthesis method for both BA and GA problems is presented. The numerical experiments are carried out and the results indicate that the proposed method is feasible and of high efficiency.

Download Full-text

The Structure of Cyber Attacks

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2020.01.06 ◽

2020 ◽

Vol 9 (1) ◽

pp. 43-52

Author(s):

Silviu-Elian MITRĂ

Keyword(s):

Mode Of Action ◽

Cyber Attacks ◽

Cyber Attack ◽

Computer Viruses ◽

Unique Mode ◽

External Sources

The objective of this portfolio is to ensure a good understanding of the topic of the complex and unique mode of action of cyber attacks, as well as the study of the ways in which they occur. The content of this portfolio includes from the beginning of computer viruses to the specific modern mechanisms of cyber attack undertaken by cybercriminals in order to cause detriment, but also theft or damage to certain information. Furthermore, this paper also provides essential aspects regarding the protection methods that users must undertake so that they can prevent and at the same time face these dangers specific to our age. In the elaboration of this study, there were used both personal methods, by applying my own knowledge accumulated through the study, and accessing external sources containing information necessary to complete the insufficiently analyzed problems. In essence, the elaboration of this study ensured the coverage of all relevant domains and aspects that are based on the structure and conception of cyber attacks, as well as in the manner provided by their action and manifestation.

Download Full-text

Building a Cybersecurity Culture in the Industrial Control System Environment

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2019.01.05 ◽

2019 ◽

Vol 8 (1) ◽

pp. 39-44

Author(s):

Claudia ARAUJO MACEDO ◽

Jos MENTING

Keyword(s):

Control System ◽

Control Systems ◽

Cyber Attacks ◽

Cyber Attack ◽

Industrial Control System ◽

Security Measures ◽

Industrial Control ◽

Industrial Control Systems ◽

System A ◽

Educational Processes

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

Download Full-text

SARCP - Exploiting Cyber-Attack Prediction Through Socially-Aware Recommendation

International Journal of Decision Support System Technology ◽

10.4018/ijdsst.286691 ◽

2022 ◽

Vol 14 (1) ◽

pp. 0-0

Keyword(s):

Social Network ◽

Real World ◽

Cyber Security ◽

Betweenness Centrality ◽

Cyber Attacks ◽

Experimental Results ◽

Cyber Attack ◽

Defence Mechanisms ◽

Network Measure ◽

Recommender Algorithm

In the domain of cyber security, the defence mechanisms of networks has traditionally been placed in a reactionary role. Cyber security professionals are therefore disadvantaged in a cyber-attack situation due to the fact that it is vital that they maneuver such attacks before the network is totally compromised. In this paper, we utilize the Betweenness Centrality network measure (social property) to discover possible cyber-attack paths and then employ computation of similar personality of nodes/users to generate predictions about possible attacks within the network. Our method proposes a social recommender algorithm called socially-aware recommendation of cyber-attack paths (SARCP), as an attack predictor in the cyber security defence domain. In a social network, SARCP exploits and delivers all possible paths which can result in cyber-attacks. Using a real-world dataset and relevant evaluation metrics, experimental results in the paper show that our proposed method is favorable and effective.

Download Full-text