Multivariate dependence among cyber risks based on L-hop propagation

Abstract Dependence among cyber risks has been an essential and challenging component of risk management. The current study characterizes cyber dependence from both qualitative and quantitative perspectives based on L-hop propagation model. From the qualitative side, it is shown that cyber risks always possess positive association based on the proposed risk propagation model. From the quantitative side, an explicit formula for computing the fundamental dependence measure of covariance is provided for an arbitrary network. In particular, we study the impacts of factors—especially external and internal compromise probabilities, propagation depth, and network topologies—on dependence among cyber risks. We conclude by presenting some examples and applications.

[1]  Aron Laszka,et al.  On the Assessment of Systematic Risk in Networked Systems , 2018, ACM Trans. Internet Techn..

[2]  P Donnelly The correlation structure of epidemic models. , 1993, Mathematical biosciences.

[3]  Shouhuai Xu,et al.  A Vine Copula Model for Predicting the Effectiveness of Cyber Defense Early-Warning , 2017, Technometrics.

[4]  Maochao Xu,et al.  Cybersecurity Insurance: Modeling and Pricing , 2019, North American Actuarial Journal.

[5]  Martin Eling,et al.  Copula approaches for modeling cross-sectional dependence of data breach losses , 2018, Insurance: Mathematics and Economics.

[6]  Pasquale Malacaria,et al.  Scalable min-max multi-objective cyber-security optimisation over probabilistic attack graphs , 2019, Eur. J. Oper. Res..

[7]  Peng Zhao,et al.  Modeling Malicious Hacking Data Breach Risks , 2020, North American Actuarial Journal.

[8]  H. Joe Dependence Modeling with Copulas , 2014 .

[9]  Samir Chatterjee,et al.  e-Risk Management with Insurance: A Framework Using Copula Aided Bayesian Belief Networks , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[10]  A. Müller,et al.  Comparison Methods for Stochastic Models and Risks , 2002 .

[11]  R. Weaver,et al.  Visualizing and Modeling the Scanning Behavior of the Conficker Botnet in the Presence of User and Network Activity , 2015, IEEE Transactions on Information Forensics and Security.

[12]  Hamed Amini,et al.  Inhomogeneous Financial Networks and Contagious Links , 2014, Oper. Res..

[13]  Piet Van Mieghem,et al.  Epidemic processes in complex networks , 2014, ArXiv.

[14]  Michael G H Bell,et al.  Attacker-defender model against quantal response adversaries for cyber security in logistics management: An introductory study , 2019, Eur. J. Oper. Res..

[15]  Shouhuai Xu,et al.  Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study , 2013, IEEE Transactions on Information Forensics and Security.

[16]  Jay Simon,et al.  Cybersecurity investments in the supply chain: Coordination and a strategic attacker , 2020, Eur. J. Oper. Res..

[17]  Rainer Böhme,et al.  Models and Measures for Correlation in Cyber-Insurance , 2006, WEIS.

[18]  Mamoun Alazab,et al.  Big Data for Cybersecurity: Vulnerability Disclosure Trends and Dependencies , 2019, IEEE Transactions on Big Data.

[19]  Hemantha S. B. Herath,et al.  Copula Based Actuarial Model for Pricing Cyber-Insurance Policies , 2011 .

[20]  Ramachandra Kota,et al.  Decentralized approaches for self-adaptation in agent organizations , 2012, TAAS.

[21]  Martin Eling,et al.  What do we know about cyber risk and cyber risk insurance , 2016 .

[22]  P. Van Mieghem The N-intertwined SIS epidemic network model , 2011 .

[23]  Matthias A. Fahrenwaldt,et al.  PRICING OF CYBER INSURANCE CONTRACTS IN A NETWORK MODEL , 2018, ASTIN Bulletin.

[24]  Terrence August,et al.  Who Should be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments , 2011, WEIS.

[25]  Dragan Stevanović Spectral Radius of Graphs , 2014 .

[26]  Shouhuai Xu,et al.  Modeling multivariate cybersecurity risks , 2018 .

[27]  Anna Nagurney,et al.  Multifirm models of cybersecurity investment competition vs. cooperation and network vulnerability , 2017, Eur. J. Oper. Res..

[28]  Anand Shah Pricing and Risk Mitigation Analysis of a Cyber Liability Insurance using Gaussian, t and Gumbel Copulas – A Case for Cyber Risk Index , 2016 .

[29]  Jin-Hee Cho,et al.  Applying Percolation Theory , 2018, Cyber Resilience of Systems and Networks.

[30]  H. Kunreuther,et al.  Interdependent Security , 2003 .

[31]  Shouhuai Xu,et al.  Modeling and Predicting Cyber Hacking Breaches , 2018, IEEE Transactions on Information Forensics and Security.

[32]  Rainer Böhme,et al.  Modeling Cyber-Insurance: Towards a Unifying Framework , 2010, WEIS.

[33]  Martin Eling,et al.  What are the actual costs of cyber risk events? , 2019, Eur. J. Oper. Res..

[34]  Parra-ArnauJavier,et al.  Fine-Grained Control over Tracking to Support the Ad-Based Web Economy , 2018 .

[35]  Richard E. Barlow,et al.  Statistical Theory of Reliability and Life Testing: Probability Models , 1976 .

[36]  Wim Schoutens,et al.  A multivariate dependence measure for aggregating risks , 2014, J. Comput. Appl. Math..

[37]  Jan Dhaene,et al.  The Concept of Comonotonicity in Actuarial Science and Finance: Theory , 2002, Insurance: Mathematics and Economics.

[38]  Christos Faloutsos,et al.  Epidemic thresholds in real networks , 2008, TSEC.

[39]  Shouhuai Xu,et al.  Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity , 2020, Proactive and Dynamic Network Defense.

[40]  Shouhuai Xu,et al.  Push- and pull-based epidemic spreading in networks: Thresholds and deeper insights , 2012, TAAS.

[41]  Peng Zhao,et al.  Modeling Network Systems Under Simultaneous Cyber-Attacks , 2019, IEEE Transactions on Reliability.

[42]  Peng Zhao,et al.  Joint Cyber Risk Assessment of Network Systems with Heterogeneous Components , 2020, ArXiv.

[43]  Kelly Klima,et al.  Estimating the Global Cost of Cyber Risk: Methodology and Examples , 2018 .

[44]  Shouhuai Xu,et al.  Cyber Epidemic Models with Dependences , 2015, Internet Math..

[45]  William J. Dally,et al.  Principles and Practices of Interconnection Networks , 2004 .