Abstract
This chapter describes statistical approaches to cyber security. Telecommunication and computer network systems form the physical foundation of cyberspace. Cyberspace is of critical importance to national security and the economy. Because cyber attacks and cybercrime pose a considerable and increasing threat to society, the security of cyber systems must be improved. In intrusion detection, three fundamental methodologies for cyber attack detection are known, namely anomaly detection, signature recognition, and attack norm separation. Based on these methodologies, various statistical approaches for detecting cyber attacks have been developed. However, cyber attacks continue to evolve. Distributed attacks are emerging that hijack and harvest the power of cloud technologies to cause disruption. System-wide approaches are needed to enable early detection of such attacks. We propose a new graph-based modeling framework and derive a network-based statistical method that could help detect compromised structures in a cyberspace. We illustrate our new approach with an example of a small cyberspace.
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Kammerdiner, A.R. (2014). Statistical Techniques for Assessing Cyberspace Security. In: Vogiatzis, C., Walteros, J., Pardalos, P. (eds) Dynamics of Information Systems. Springer Proceedings in Mathematics & Statistics, vol 105. Springer, Cham. https://doi.org/10.1007/978-3-319-10046-3_9
DOI: https://doi.org/10.1007/978-3-319-10046-3_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10045-6
Online ISBN: 978-3-319-10046-3
eBook Packages: Mathematics and Statistics (R0)