Abstract-Rigorously characterizing the statistical properties of cyber attacks is an important problem. In this paper, we propose the first statistical framework for rigorously analyzing honeypot-captured cyber attack data. The framework is built on the novel concept of stochastic cyber attack process, a new kind of mathematical objects for describing cyber attacks. To demonstrate use of the framework, we apply it to analyze a lowinteraction honeypot dataset, while noting that the framework can be equally applied to analyze high-interaction honeypot data that contains richer information about the attacks. The case study finds, for the first time, that Long-Range Dependence (LRD) is exhibited by honeypot-captured cyber attacks. The case study confirms that by exploiting the statistical properties (LRD in this case), it is feasible to predict cyber attacks (at least in terms of attack rate) with good accuracy. This kind of prediction capability would provide sufficient early-warning time for defenders to adjust their defense configurations or resource allocations. The idea of "gray-box" (rather than "black-box") prediction is central to the utility of the statistical framework, and represents a significant step towards ultimately understanding (the degree of) the predictability of cyber attacks.
BackgroundPharmacy databases are commonly used to assess medication usage, and a number of measures have been developed to measure patients’ adherence to medication. An extensive literature now supports these measures, although few studies have systematically compared the properties of different adherence measures.MethodsAs part of an 18-month randomized clinical trial to assess the impact of automated telephone reminders on adherence to inhaled corticosteroids (ICS) among 6903 adult members of a managed care organization, we computed eight pharmacy-based measures of ICS adherence using outpatient pharmacy dispensing records obtained from the health plan’s electronic medical record. We used simple descriptive statistics to compare the relative performance characteristics of these measures.ResultsComparative analysis found a relative upward bias in adherence estimates for those measures that require at least one dispensing event to be calculated. Measurement strategies that require a second dispensing event evidence even greater upward bias. These biases are greatest with shorter observation times. Furthermore, requiring a dispensing to be calculated meant that these measures could not be defined for large numbers of individuals (17-32 % of participants in this study). Measurement strategies that do not require a dispensing event to be calculated appear least vulnerable to these biases and can be calculated for everyone. However they do require additional assumptions and data (e.g., pre-intervention dispensing data) to support their validity.ConclusionsMany adherence measures require one, or sometimes two, dispensings in order to be defined. Since such measures assume all dispensed medication is used as directed, they have a built in upward bias that is especially pronounced when they are calculated over relatively short timeframes (< 9 months). Less biased measurement strategies that do not require a dispensing event are available, but require additional data to support their validity.Trial registrationThe study was funded by grant R01HL83433 from the National Heart, Lung and Blood Institute (NHLBI) and is filed as study NCT00414817 in the clinicaltrials.gov database.
Cybersecurity risk has attracted considerable attention in recent decades. However, the modeling of cybersecurity risk is still in its infancy, mainly because of its unique characteristics. In this study, we develop a framework for modeling and pricing cybersecurity risk. The proposed model consists of three components: the epidemic model, loss function, and premium strategy. We study the dynamic upper bounds for the infection probabilities based on both Markov and non-Markov models. A simulation approach is proposed to compute the premium for cybersecurity risk for practical use. The effects of different infection distributions and dependence among infection processes on the losses are also studied.
Let X1, … , Xn be independent random variables with Xi having survival function Fλi, i = 1, … , n, and let Y1, … ,Yn be a random sample with common population survival distribution F, where c = ∑i=1nλi/n. Let Xn:n and Yn:n denote the lifetimes of the parallel systems consisting of these components, respectively. It is shown that Xn:n is greater than Yn:n in terms of likelihood ratio order. It is also proved that the sample range Xn:n − X1:n is larger than Yn:n − Y1:n according to reverse hazard rate ordering. These two results strengthen and generalize the results in Dykstra, Kochar, and Rojo [6] and Kochar and Rojo [11], respectively.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.