Contagion in Cybersecurity Attacks

David J. Pym, Julian Williams, Christos Ioannidis, Iffat Ara Gheyas, Adrian Baldwin

Research output: Contribution to conferencePaper

Abstract

We develop and estimate a vector equation system of threats to ten important IP services, using SANS-reported data over the period January 2003 to February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.
Original languageEnglish
Publication statusPublished - 25 Jun 2012
Event11th Annual Workshop on the Economics of Information Security - Berlin, Germany
Duration: 25 Jun 201226 Jun 2012

Conference

Conference11th Annual Workshop on the Economics of Information Security
CountryGermany
CityBerlin
Period25/06/1226/06/12

Fingerprint

Attack
Contagion
Threat
Information security
Criticality
Interrelationship
Managers
World Wide Web

Cite this

Pym, D. J., Williams, J., Ioannidis, C., Gheyas, I. A., & Baldwin, A. (2012). Contagion in Cybersecurity Attacks. Paper presented at 11th Annual Workshop on the Economics of Information Security , Berlin, Germany.

Contagion in Cybersecurity Attacks. / Pym, David J.; Williams, Julian; Ioannidis, Christos; Gheyas, Iffat Ara; Baldwin, Adrian.

2012. Paper presented at 11th Annual Workshop on the Economics of Information Security , Berlin, Germany.

Research output: Contribution to conferencePaper

Pym, DJ, Williams, J, Ioannidis, C, Gheyas, IA & Baldwin, A 2012, 'Contagion in Cybersecurity Attacks' Paper presented at 11th Annual Workshop on the Economics of Information Security , Berlin, Germany, 25/06/12 - 26/06/12, .
Pym DJ, Williams J, Ioannidis C, Gheyas IA, Baldwin A. Contagion in Cybersecurity Attacks. 2012. Paper presented at 11th Annual Workshop on the Economics of Information Security , Berlin, Germany.
Pym, David J. ; Williams, Julian ; Ioannidis, Christos ; Gheyas, Iffat Ara ; Baldwin, Adrian. / Contagion in Cybersecurity Attacks. Paper presented at 11th Annual Workshop on the Economics of Information Security , Berlin, Germany.
@conference{1c3afc65622e45d495fb6b6692015a4c,
title = "Contagion in Cybersecurity Attacks",
abstract = "We develop and estimate a vector equation system of threats to ten important IP services, using SANS-reported data over the period January 2003 to February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.",
author = "Pym, {David J.} and Julian Williams and Christos Ioannidis and Gheyas, {Iffat Ara} and Adrian Baldwin",
year = "2012",
month = "6",
day = "25",
language = "English",
note = "11th Annual Workshop on the Economics of Information Security ; Conference date: 25-06-2012 Through 26-06-2012",

}

TY - CONF

T1 - Contagion in Cybersecurity Attacks

AU - Pym, David J.

AU - Williams, Julian

AU - Ioannidis, Christos

AU - Gheyas, Iffat Ara

AU - Baldwin, Adrian

PY - 2012/6/25

Y1 - 2012/6/25

N2 - We develop and estimate a vector equation system of threats to ten important IP services, using SANS-reported data over the period January 2003 to February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

AB - We develop and estimate a vector equation system of threats to ten important IP services, using SANS-reported data over the period January 2003 to February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

M3 - Paper

ER -