Cyber risk modeling using a two-phase Hawkes process with external excitation

Alexandre Boumezoued (CREST), Yousra Cherkaoui (CREST), Caroline Hillairet (CREST)
{"title":"Cyber risk modeling using a two-phase Hawkes process with external excitation","authors":"Alexandre BoumezouedCREST, Yousra CherkaouiCREST, Caroline HillairetCREST","doi":"arxiv-2311.15701","DOIUrl":null,"url":null,"abstract":"With the growing digital transformation of the worldwide economy, cyber risk\nhas become a major issue. As 1 % of the world's GDP (around $1,000 billion) is\nallegedly lost to cybercrime every year, IT systems continue to get\nincreasingly interconnected, making them vulnerable to accumulation phenomena\nthat undermine the pooling mechanism of insurance. As highlighted in the\nliterature, Hawkes processes appear to be suitable models to capture contagion\nphenomena and clustering features of cyber events. This paper extends the\nstandard Hawkes modeling of cyber risk frequency by adding external shocks,\nmodelled by the publication of cyber vulnerabilities that are deemed to\nincrease the likelihood of attacks in the short term. The aim of the proposed\nmodel is to provide a better quantification of contagion effects since, while\nthe standard Hawkes model allocates all the clustering phenomena to\nself-excitation, our model allows to capture the external common factors that\nmay explain part of the systemic pattern. We propose a Hawkes model with two\nkernels, one for the endogenous factor (the contagion from other cyber events)\nand one for the exogenous component (cyber vulnerability publications). We use\nparametric exponential specifications for both the internal and exogenous\nintensity kernels, and we compare different methods to tackle the inference\nproblem based on public datasets containing features of cyber attacks found in\nthe Hackmageddon database and cyber vulnerabilities from the Known Exploited\nVulnerability database and the National Vulnerability Dataset. By refining the\nexternal excitation database selection, the degree of endogeneity of the model\nis nearly halved. 
We illustrate our model with simulations and discuss the\nimpact of taking into account the external factor driven by vulnerabilities.\nOnce an attack has occurred, response measures are implemented to limit the\neffects of an attack. These measures include patching vulnerabilities and\nreducing the attack's contagion. We use an augmented version of the model by\nadding a second phase modeling a reduction in the contagion pattern from the\nremediation measures. Based on this model, we explore various scenarios and\nquantify the effect of mitigation measures of an insurance company that aims to\nmitigate the effects of a cyber pandemic in its insured portfolio.","PeriodicalId":501330,"journal":{"name":"arXiv - MATH - Statistics Theory","volume":"63 10","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - MATH - Statistics Theory","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2311.15701","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

With the growing digital transformation of the worldwide economy, cyber risk has become a major issue. As 1% of the world's GDP (around $1,000 billion) is allegedly lost to cybercrime every year, IT systems continue to get increasingly interconnected, making them vulnerable to accumulation phenomena that undermine the pooling mechanism of insurance. As highlighted in the literature, Hawkes processes appear to be suitable models to capture contagion phenomena and clustering features of cyber events. This paper extends the standard Hawkes modeling of cyber risk frequency by adding external shocks, modelled by the publication of cyber vulnerabilities that are deemed to increase the likelihood of attacks in the short term. The aim of the proposed model is to provide a better quantification of contagion effects since, while the standard Hawkes model allocates all the clustering phenomena to self-excitation, our model allows us to capture the external common factors that may explain part of the systemic pattern. We propose a Hawkes model with two kernels, one for the endogenous factor (the contagion from other cyber events) and one for the exogenous component (cyber vulnerability publications). We use parametric exponential specifications for both the internal and exogenous intensity kernels, and we compare different methods to tackle the inference problem based on public datasets containing features of cyber attacks found in the Hackmageddon database and cyber vulnerabilities from the Known Exploited Vulnerability database and the National Vulnerability Dataset. By refining the external excitation database selection, the degree of endogeneity of the model is nearly halved. We illustrate our model with simulations and discuss the impact of taking into account the external factor driven by vulnerabilities. Once an attack has occurred, response measures are implemented to limit the effects of an attack. These measures include patching vulnerabilities and reducing the attack's contagion. We use an augmented version of the model by adding a second phase modeling a reduction in the contagion pattern from the remediation measures. Based on this model, we explore various scenarios and quantify the effect of mitigation measures of an insurance company that aims to mitigate the effects of a cyber pandemic in its insured portfolio.