Toward econometric models of the security risk from remote attacks

Security risk models have successfully estimated the likelihood of attack for simple security threats such as burglary and auto theft. Before we can forecast the risks to computer systems, we must first learn to measure the strength of their security

[1]  Mark W. Watson Introduction to econometrics. , 1968 .

[2]  D. Walsh Burglars on the Job, Streetlife and Residential Break-ins , 1995 .

[3]  H. Theil Introduction to econometrics , 1978 .

[4]  Vern Paxson,et al.  How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.

[5]  Suresh L. Konda,et al.  The Survivability of Network Systems: An Empirical Analysis , 2000 .

[6]  E. Eugene Schultz A framework for understanding and predicting insider attacks , 2002, Comput. Secur..

[7]  Stuart E. Schechter,et al.  Quantitatively Differentiating System Security , 2002 .

[8]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[9]  Crispin Cowan,et al.  Timing the Application of Security Patches for Optimal Uptime , 2002, LISA.

[10]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[11]  John D. Howard,et al.  An analysis of security incidents on the Internet 1989-1995 , 1998 .

[12]  Suresh L. Konda,et al.  A Simulation Model for Managing Survivability of Networked Information Systems , 2000 .

[13]  T. Budd,et al.  Burglary of Domestic Dwellings Findings from the British Crime Survey , 1999 .

[14]  Stefan Savage,et al.  Inside the Slammer Worm , 2003, IEEE Secur. Priv..

[15]  Michael D. Smith,et al.  Computer security strength and risk: a quantitative approach , 2004 .

[16]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[17]  Lindsay C. J. Mercer,et al.  Fraud detection via regression analysis , 1990, Comput. Secur..

[18]  Yochanan Shachmurove,et al.  CARESS Working Papr 97-07 The Burglar as a Rational Economic Agent ¤ , 1997 .

[19]  William A. Arbaugh,et al.  A trend analysis of exploitations , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.