December 2024 Spatio-temporal analysis of dependent risk with an application to cyberattacks data
Songhyun Kim, Chae Young Lim, Yeonwoo Rho
Author Affiliations +
Ann. Appl. Stat. 18(4): 3549-3569 (December 2024). DOI: 10.1214/24-AOAS1952

Abstract

Cybersecurity is an important issue given the increasing risks due to cyberattacks in many areas. Cyberattacks could result in huge losses such as data breaches, failures in the control systems of infrastructures, physical damages in manufacturing industries, etc. As a result, cybersecurity-related research has grown rapidly for in-depth analysis. One main interest is to understand the correlated nature of cyberattack data. To understand such characteristics, we propose a spatio-temporal model for the hostwisely aggregated cyberattack data by incorporating the characteristics of the attackers. We develop a new dissimilarity measure as a proxy of spatial distance to be integrated into the model. The proposed model can be considered as a spatial extension of the GARCH model. The estimation is carried out using a Bayesian approach, which is demonstrated to work well in simulations. The proposed model is applied to publicly available honeypot data after the data are divided by selected features of the attackers via clustering. The estimated model parameters vary by groups of attackers, which was not revealed by modeling the entire dataset.

Funding Statement

Y. Rho was supported by NSF-CPS grant #1739422.
C.Y. Lim was supported by National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (NRF-2019R1A2C1002213, 2020R1A4A1018207).

Acknowledgments

The authors would like to thank the anonymous referees, an Associate Editor and the Editor for their constructive comments that significantly improved the quality of this paper.

Citation

Download Citation

Songhyun Kim. Chae Young Lim. Yeonwoo Rho. "Spatio-temporal analysis of dependent risk with an application to cyberattacks data." Ann. Appl. Stat. 18 (4) 3549 - 3569, December 2024. https://doi.org/10.1214/24-AOAS1952

Information

Received: 1 February 2023; Revised: 1 August 2024; Published: December 2024
First available in Project Euclid: 31 October 2024

Digital Object Identifier: 10.1214/24-AOAS1952

Keywords: clustering , cyberattack , honeypot data , MCMC , spatial-GARCH model

Rights: Copyright © 2024 Institute of Mathematical Statistics

Vol.18 • No. 4 • December 2024
Back to Top