Statistical models for the number of successful cyber intrusions

Nandi O Leslie, Richard E Harang, Lawrence P Knachel and Alexander Kott

The Journal of Defense Modeling and Simulation, 2018, vol. 15, issue 1, 49-63

Abstract: We propose several generalized linear models (GLMs) to predict the number of successful cyber intrusions (or “intrusions”) into an organization’s computer network, where the rate at which intrusions occur is a function of the following observable characteristics of the organization: (i) domain name system (DNS) traffic classified by their top-level domains (TLDs); (ii) the number of network security policy violations; and (iii) a set of predictors that we collectively call the “cyber footprint” that is comprised of the number of hosts on the organization’s network, the organization’s similarity to educational institution behavior, and its number of records on scholar.google.com. In addition, we evaluate the number of intrusions to determine whether these events follow a Poisson or negative binomial (NB) probability distribution. We reveal that the NB GLM provides the best fit model for the observed count data, number of intrusions per organization, because the NB model allows the variance of the count data to exceed the mean. We also show that there are restricted and simpler NB regression models that omit selected predictors and improve the goodness-of-fit of the NB GLM for the observed data. With our model simulations, we identify certain TLDs in the DNS traffic as having a significant impact on the number of intrusions. In addition, we use the models and regression results to conclude that the number of network security policy violations is consistently predictive of the number of intrusions.

Keywords: Domain name server traffic; cyber risk; generalized linear models; negative binomial model; principal component analysis; managed security service provider; regression
Date: 2018
Downloads: (external link)
https://journals.sagepub.com/doi/10.1177/1548512917715342 (text/html)

Persistent link: https://EconPapers.repec.org/RePEc:sae:joudef:v:15:y:2018:i:1:p:49-63

DOI: 10.1177/1548512917715342

Page updated 2025-03-19
Handle: RePEc:sae:joudef:v:15:y:2018:i:1:p:49-63