Quantifying Security: Methods, Challenges and Applications

Abstract:

Data and cyber security, whether defined from the point of view of corporations, individuals, or Internet hosts/networks, have been studied from various perspectives, ranging from theoretical models, to measurement studies, and data-driven approaches that assess security by combining statistical analysis and with real-world data. In this dissertation, we explore the applicability of machine learning, and statistical modeling, in building algorithms that can make generalized statements regarding the security of real-world entities: (1) We assess the security of organizations, quantified as the likelihood of sustaining data incidents, by combining previous breach disclosures, with geographic, industry, size, and Internet traffic information, and evaluate techniques for estimating the distribution of risk among various incident categorizations, in order to guide resource allocation, and improve security policies; (2) we leverage field measurements of patch deployment on user machines, to quantify updating behaviors, inspect the dynamics between software vendors and consumers, and its impact on the security posture of user machines; and (3) we develop a framework for scalable analysis of Internet hosts, by distilling information obtained from global scans of the public Internet, into compact numerical fingerprints, and examine their utility for detecting malicious hosts, inferring unobserved attributes of servers, quantifying similarities, and characterizing networks.