论文信息 - Proportional Hazards in Information Security

Proportional Hazards in Information Security

Nonparametric methods can be used to analyze failure times and estimate probability distributions for failures of systems due to successful attacks on confidentiality, integrity, and availability in information security. However, such methods do not take full advantage of supplemental information regarding the configurations of systems in an information infrastructure that is usually also available. One approach, which does take advantage of such information, views the risks of systems failing from various causes as competing risks and determines the correlation coefficients of different treatments to system longevity. Since the times and causes of failure in such studies are usually uncorrelated, the hazards associated with each risk are proportional. By correlating system survival times to the use of specific design enhancements and security countermeasures, as well as to system exposure based on choice of operational functionality, guidance can be obtained for making investments in information security.

Daniel J. Ryan | Julie J. C. H. Ryan | Julie J C H Ryan | Daniel J Ryan

[1] R. Kay. Treatment effects in competing-risks analysis of prostate cancer data. , 1986, Biometrics.

[2] J. Kalbfleisch,et al. The Statistical Analysis of Failure Time Data: Kalbfleisch/The Statistical , 2002 .

[3] J. Kalbfleisch,et al. The Statistical Analysis of Failure Time Data , 1980 .

[4] Daniel J. Ryan,et al. Expected benefits of information security investments , 2006, Comput. Secur..

[5] David R. Cox,et al. Regression models and life tables (with discussion , 1972 .

[6] O. Borgan. The Statistical Analysis of Failure Time Data (2nd Ed.). John D. Kalbfleisch and Ross L. Prentice , 2003 .

[7] J. Peto,et al. Asymptotically Efficient Rank Invariant Test Procedures , 1972 .

[8] N. Breslow. Covariance analysis of censored survival data. , 1974, Biometrics.

[9] D. Collet. Modelling Survival Data in Medical Research , 2004 .

[10] D. Collett. Modelling survival data , 1994 .

[11] SpitznerLance. The Honeynet Project , 2003, S&P 2003.

[12] Julie J. C. H. Ryan. THE USE , MISUSE , AND ABUSE OF STATISTICS IN INFORMATION SECURITY RESEARCH , 2004 .

[13] Joseph D. Conklin. Classical Competing Risks , 2002, Technometrics.

[14] Laurence L. George,et al. The Statistical Analysis of Failure Time Data , 2003, Technometrics.

[15] M. Cowles. Modelling Survival Data in Medical Research (2nd ed.) (Book) , 2004 .

[16] R. Peto,et al. Asymptotically efficient rank invariant test procedure (with discussion). , 1972 .