Contagion in Cybersecurity Attacks

David J. Pym; Julian Williams; Christos Ioannidis; Iffat Ara Gheyas; Adrian Baldwin

Contagion in Cybersecurity Attacks

David J. Pym, Julian Williams, Christos Ioannidis, Iffat Ara Gheyas, Adrian Baldwin

Research output: Contribution to conference › Unpublished paper › peer-review

Abstract

We develop and estimate a vector equation system of threats to ten important IP services, using SANS-reported data over the period January 2003 to February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

Original language	English
Publication status	Published - 25 Jun 2012
Event	11th Annual Workshop on the Economics of Information Security - Berlin, Germany Duration: 25 Jun 2012 → 26 Jun 2012

Conference

Conference	11th Annual Workshop on the Economics of Information Security
Country/Territory	Germany
City	Berlin
Period	25/06/12 → 26/06/12

Cite this

@conference{1c3afc65622e45d495fb6b6692015a4c,

title = "Contagion in Cybersecurity Attacks",

abstract = "We develop and estimate a vector equation system of threats to ten important IP services, using SANS-reported data over the period January 2003 to February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.",

author = "Pym, {David J.} and Julian Williams and Christos Ioannidis and Gheyas, {Iffat Ara} and Adrian Baldwin",

year = "2012",

month = jun,

day = "25",

language = "English",

note = "11th Annual Workshop on the Economics of Information Security ; Conference date: 25-06-2012 Through 26-06-2012",

}

TY - CONF

T1 - Contagion in Cybersecurity Attacks

AU - Pym, David J.

AU - Williams, Julian

AU - Ioannidis, Christos

AU - Gheyas, Iffat Ara

AU - Baldwin, Adrian

PY - 2012/6/25

Y1 - 2012/6/25

N2 - We develop and estimate a vector equation system of threats to ten important IP services, using SANS-reported data over the period January 2003 to February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

AB - We develop and estimate a vector equation system of threats to ten important IP services, using SANS-reported data over the period January 2003 to February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

M3 - Unpublished paper

T2 - 11th Annual Workshop on the Economics of Information Security

Y2 - 25 June 2012 through 26 June 2012

ER -

Contagion in Cybersecurity Attacks

Abstract

Conference

Fingerprint

Cite this