In this study we characterize the extent to which cyber security incidents, such as those referenced by Verizon in its annual Data Breach Investigations Reports (DBIR), can be predicted based on externally observable properties of an organization's network. We seek to proactively forecast an organization's breaches and to do so without cooperation of the…
This study offers a first step toward understanding the extent to which we may be able to predict cyber security incidents (which can be of one of many types) by applying machine learning techniques and using externally observed malicious activities associated with network entities, including spamming, phishing, and scanning, each of which may or may not…
This paper aims to understand if, and to what extent, business details about an organization can help provide guidelines for better resource allocation across different preventive measures, in order to effectively protect, detect, and recover from, different forms of security incidents. Existing work on analyzing the distribution of risk across different…
In this paper we consider a single resource-constrained strategic adversary, who can arbitrarily distribute his resources over a set of nodes controlled by a single defender. The defender can (1) instruct nodes to filter incoming traffic from another node to reduce the chances of being compromised due to malicious traffic originating from that node, or (2)…