Advanced search
Publication Cover
Journal of the Operational Research Society Volume 68, 2017 - Issue 7
Submit an article Journal homepage
741
Views
24
CrossRef citations to date
0
Altmetric
General Paper

Contagion in cyber security attacks

Adrian BaldwinHP LabsBristolUnited Kingdom
,
Iffat GheyasBirmingham City UniversityBirminghamUnited Kingdom
,
Christos IoannidisUniversity of BathSomersetUnited Kingdom
,
David PymUniversity College LondonLondonUnited Kingdom
&
Julian WilliamsUniversity of DurhamDurhamUnited KingdomCorrespondence[email protected]
Pages 780-791 | Published online: 21 Dec 2017
 
Sample our Economics, Finance,Business & Industry journals, sign in here to start your access, latest two full volumes FREE to you for 14 days

Abstract

Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated ‘Chief Information Security Officer’ to coordinate the operational aspects of the organization’s information security. Part of this role is in planning investment responses to information security threats against the firm’s corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm’s information system over the period January 2003 – February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems’ defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

Acknowledgements

We are grateful to Yacine Aït-Sahalia and Jean Jacod for the Matlab code used in the estimation procedure for the system described for EquationEquations (19), Equation(18) and Equation(17), the full derivation of the estimator is provided on pages 45–47 of Aït-Sahalia et al (2010). The data and codes used in this paper are available from the authors’ websites.

Notes

2 Port scanning is a technique whereby an attacker probes ports, access points, on a network. Early port scanning looked for open ports to access a part of the network; however, modern techniques involve actively probing for out-of-date port protection to exploit vulnerabilities in closed or encrypted ports.

3 In general, G(τ) need not be positive semi-definitive, because of the existence of possible asymmetric responses in the intensity process. In the case that G(τ) is positive semi-definite then the resulting eigenvectors are the weights of a set of orthogonal processes that are interpretable as principal components.

4 The data, routines, and all the pivotal statistics for the parameter estimates are available from the authors’ webpage.

Log in via your institution

Access through your institution

Log in to Taylor & Francis Online

Restore content access

Restore content access for purchases made as guest
Purchase options * Save for later

PDF download + Online access

  • 48 hours access to article PDF & online version
  • Article PDF can be downloaded
  • Article PDF can be printed
USD 61.00 Add to cart

Issue Purchase

  • 30 days online access to complete issue
  • Article PDFs can be downloaded
  • Article PDFs can be printed
USD 277.00 Add to cart

* Local tax will be added as applicable

Related Research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.