Cyber–physical risk modeling with imperfect cyber-attackers

Profiling cyber attackers using Case-based Reasoning

Computer security would arguably benefit from more information on the characteristics of the particular human attacker behind a security incident. Nevertheless, technical security mechanisms have always focused on the attack's characteristics rather than the attacker's. The latter is a challenging problem, as relevant data cannot easily be found. We argue that the cyber traces left by a human a...

Testing a low-interaction honeypot against live cyber attackers

Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including s...

Out-Learning Attackers: A Game Theoretic Approach to Cyber Defense

Understanding Bifurcation of Slow Versus Fast Cyber-Attackers

Anecdotally, the distinction between fast “Smash-and-Grab” cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats” on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and inf...

Cyber Risk Exposure and Prospects for Cyber Insurance

This study draws attention to the ubiquitous and borderless nature of cybercrime. It examines the prospect of introducing customized cyber insurance policy in the Nigerian market. As secondary data was not available, the study conducted a survey by administering three sets of questionnaire to purposively selected top executives in four Trade Groups that rely heavily on Internet transactions for...