ABSTRACT
Cyber attacks have become a problem that is threatening the economy, human privacy, and even national security. Before we can adequately address the problem, we need to have a crystal clear understanding about cyber attacks from various perspectives. This is a challenge because the Internet is a large-scale complex system with humans in the loop. In this paper, we investigate a particular perspective of the problem, namely the extreme value phenomenon that is exhibited by cyber attack rates, which are the numbers of attacks against a system of interest per time unit. It is important to explore this perspective because understanding the statistical properties of extreme cyber attack rates will pave the way for cost-effective, if not optimal, allocation of resources in real-life cyber defense operations. Specifically, we propose modeling and predicting extreme cyber attack rates via marked point processes, while using the Value-at-Risk as a natural measure of intense cyber attacks. The point processes are then applied to analyze some real data sets. Our analysis shows that the point processes can describe and predict extreme cyber attack rates at a very satisfactory accuracy.
Acknowledgements
The authors are very grateful to the two anonymous referees for their insightful and constructive comments which led to this improved version of the paper. We thank CAIDA for providing us the telescope data set that is analyzed in the present paper. We thank Sajad Khorsandroo for preprocessing the telescope data set and Zhenxin Zhan for preparing the honeypot data set.
Disclosure statement
No potential conflict of interest was reported by the authors.