A Vine Copula Model for Predicting the Effectiveness of Cyber Defense Early-Warning

Abstract: Internet-based computer information systems play critical roles in many aspects of modern society. However, these systems are constantly under cyber attacks that can cause catastrophic consequences. To defend these systems effectively, it is necessary to measure and predict the effectiveness of cyber defense mechanisms. In this article, we investigate how to measure and predict the effectiveness of an important cyber defense mechanism that is known as early-warning. This turns out to be a challenging problem because we must accommodate the dependence among certain four-dimensional time series. In the course of using a dataset to demonstrate the prediction methodology, we discovered a new nonexchangeable and rotationally symmetric dependence structure, which may be of independent value. We propose a new vine copula model to accommodate the newly discovered dependence structure, and show that the new model can predict the effectiveness of early-warning more accurately than the others. We also discuss how to use the prediction methodology in practice.
