Mathematical Modeling of the Enterprise Cyberattack Intensity Taking into Account the Elasticity of the Audit Period

DOI: 10.31673/2409-7292.2019.041221

Authors

  • О. В. Барабаш (Barabash O. V.), State University of Telecommunications, Kyiv
  • Є. М. Галахов (Galakhov Ye. M.), State University of Telecommunications, Kyiv

Abstract

The research focuses on the cybersecurity audit of an enterprise's information security, given that the audit is a complex process that not only requires professional knowledge but also defines the strategic priorities and orientations of the enterprise's information security. The factors that affect the length of time between audits are highlighted: enterprise investment in cybersecurity, complexity of systems, and confidential data. A scheduled automated audit of the enterprise is considered in the context of spam-type cyber threats, and the average effect value is calculated. The functional dependence of the cyberattack intensity is modeled by a nonlinear Bernoulli differential equation which, under the hypothesis that the integral cyberattack intensity function follows the logistic law, describes the process of the time series of the cyberattack intensity.

Keywords: audit, COSO cube, cyber security, cyber defense, cyberattack intensity function, Bernoulli equation, elasticity.

Published

2020-01-23

Section

Articles