Using Population Characteristics to Build Forecasting Models for Computer Security Incidents

2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI:10.1109/ISSRE.2012.34

Edward M. Condon, M. Cukier

{"title":"Using Population Characteristics to Build Forecasting Models for Computer Security Incidents","authors":"Edward M. Condon, M. Cukier","doi":"10.1109/ISSRE.2012.34","DOIUrl":null,"url":null,"abstract":"Computer and network security incidents have financial and other consequences to organizations, such as direct business losses from theft of proprietary information or from just reputational damage. There are also costs for restoring operations and protecting against threats. Being able to quantify the impact of different factors within an organization may provide additional context for prevention and remediation efforts. This paper examines a large set of security incident data along with some population characteristic data from an organization's network. We discuss the rationale for examining the different population characteristics and their potential influence on computer security incidents. We then create logistic regression models using the population characteristics to forecast which machines in the population may be involved in a computer security incident. We evaluate the models using the forecasts as a set of unequal probability weights combined with repeated sampling. We also explore different time windows used for the inclusion of data during model creation.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSRE.2012.34","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Computer and network security incidents have financial and other consequences to organizations, such as direct business losses from theft of proprietary information or from just reputational damage. There are also costs for restoring operations and protecting against threats. Being able to quantify the impact of different factors within an organization may provide additional context for prevention and remediation efforts. This paper examines a large set of security incident data along with some population characteristic data from an organization's network. We discuss the rationale for examining the different population characteristics and their potential influence on computer security incidents. We then create logistic regression models using the population characteristics to forecast which machines in the population may be involved in a computer security incident. We evaluate the models using the forecasts as a set of unequal probability weights combined with repeated sampling. We also explore different time windows used for the inclusion of data during model creation.

查看原文本刊更多论文

利用群体特征建立计算机安全事件预测模型

计算机和网络安全事件会给组织带来财务和其他方面的后果，例如由于专有信息被盗或声誉受损而造成的直接业务损失。还有恢复运营和防范威胁的成本。能够量化组织内不同因素的影响，可以为预防和补救工作提供额外的环境。本文研究了来自某组织网络的大量安全事件数据以及一些人口特征数据。我们讨论了研究不同人口特征及其对计算机安全事件的潜在影响的基本原理。然后，我们使用总体特征创建逻辑回归模型来预测总体中哪些机器可能涉及计算机安全事件。我们将预测作为一组不相等的概率权重与重复抽样相结合来评估模型。我们还探讨了在模型创建期间用于包含数据的不同时间窗口。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2012 IEEE 23rd International Symposium on Software Reliability Engineering

自引率

0.00%

发文量