Armin Sarabi

In this study we characterize the extent to which cyber security incidents, such as those referenced by Verizon in its annual Data Breach Investigations Reports (DBIR), can be predicted based on externally observable properties of an organization’s network. We seek to proactively forecast an organization’s breaches and to do so without cooperation of the …
In this paper we study the implications of end-user behavior in applying software updates and patches on information-security vulnerabilities. To this end we tap into a large data set of measurements conducted on more than 400,000 Windows machines over four client-side applications, and separate out the impact of user and vendor behavior on the …
This study offers a first step toward understanding the extent to which we may be able to predict cyber security incidents (which can be of one of many types) by applying machine learning techniques and using externally observed malicious activities associated with network entities, including spamming, phishing, and scanning, each of which may or may not …
This paper aims to understand if, and to what extent, business details about an organization can help provide guidelines for better resource allocation across different preventive measures, in order to effectively protect, detect, and recover from different forms of security incidents. Existing work on analyzing the distribution of risk across different …
This article aims to understand if, and to what extent, business details about an organization can help to assess a company’s risk of experiencing data breach incidents, as well as its distribution of risk over multiple incident types, in order to provide guidelines to effectively protect, detect, and recover from different forms of security incidents. …
In this paper we consider a single resource-constrained strategic adversary, who can arbitrarily distribute his resources over a set of nodes controlled by a single defender. The defender can (1) instruct nodes to filter incoming traffic from another node to reduce the chances of being compromised due to malicious traffic originating from that node, or (2) …