Predicting and Analysis of Phishing Attacks and Breaches In E-Commerce Websites

Authors

  • N. Ram Mohan  M. Tech Scholar Department of CSE, NRI Institute of Technology Visadala (V&M), Guntur(Dt), Andhra Pradesh, India
  • N. Praveen Kumar  Assistant Professor Department of CSE, NRI Institute of Technology Visadala (V&M), Guntur(Dt), Andhra Pradesh, India

DOI:

https://doi.org//10.32628/IJSRSET207443

Keywords:

Hacking, Cyber-Attacks, Cyber Threats, Breach Prediction, Times Series, Cybersecurity Data Analytics.

Abstract

Analyzing cyber incident data sets is an important method for deepening our understanding of the evolution of the threat situation. This is a relatively new research topic, and many studies remain to be done. In this paper, I reported a statistical analysis of a breach incident data set corresponding to 12 years (2005–2017) of cyber hacking activities that include malware attacks. I shown that, in contrast to the findings reported in the literature, both hacking breach incident inter-arrival times and breach sizes should be modeled by stochastic processes, rather than by distributions because they exhibit autocorrelations. Then, I proposed a particular stochastic process models to, respectively, fit the inter-arrival times and the breach sizes. I also shown that these models can predict the inter-arrival times and the breach sizes. In order to get deeper insights into the evolution of hacking breach incidents, we conduct both qualitative and quantitative trend analyses on the data set. I drew a set of cyber security insights, including that the threat of cyber hacks is indeed getting worse in terms of their frequency, but not in terms of the magnitude of their damage.

References

  1. P. R. Clearinghouse. Privacy Rights Clearinghouse’s Chronology of Data Breaches. Accessed: Nov. 2017. Online]. Available: https://www.privacyrights.org/data-breaches.
  2. ITR Center. Data Breaches Increase 40 Percent in 2016, Finds New Report From Identity Theft Resource Center and CyberScout. Accessed: Nov. 2017. Online]. Available: http://www.idtheftcenter.org/ 2016databreaches.html
  3. C. R. Center. Cybersecurity Incidents. Accessed: Nov. 2017. Online]. Available: https://www.opm.gov/cybersecurity/cybersecurity-incidents.
  4. IBM Security. Accessed: Nov. 2017. Online]. Available: https://www.ibm.com/security/data-breach/index.html.
  5. NetDiligence. The 2016 Cyber Claims Study. Accessed: Nov. 2017. Online]. Available: https://netdiligence.com/wp-content/uploads/2016/ 10/P02_NetDiligence-2016-Cyber-Claims-Study-ONLINE.pdf.
  6. M. Eling and W. Schnell, “What do we know about cyber risk and cyber risk insurance?” J. Risk Finance, vol. 17, no. 5, pp. 474-491, 2016.
  7. T. Maillart and D. Sornette, “Heavy-tailed distribution of cyber-risks,” Eur. Phys. J. B, vol. 75, no. 3, pp. 357-364, 2010.
  8. R. B. Security.Datalossdb. Accessed: Nov. 2017. Online]. Available: https://blog.datalossdb.org.
  9. B. Edwards, S. Hofmeyr, and S. Forrest, “Hype and heavy tails: A closer look at data breaches,” J. Cybersecur., vol. 2, no. 1, pp. 3-14, 2016.
  10. S. Wheatley, T. Maillart, and D. Sornette, “The extreme risk of personal data breaches and the erosion of privacy,” Eur. Phys. J. B, vol. 89, no. 1, p. 7, 2016.
  11. P. Embrechts, C. Klüppelberg, and T. Mikosch, Modelling Extremal Events: For Insurance and Finance, vol. 33. Berlin, Germany: Springer-Verlag, 2013.
  12. R. Böhme and G. Kataria, “Models and measures for correlation in cyber-insurance,” in Proc. Workshop Econ. Inf. Secur. (WEIS), 2006, pp. 1-26.
  13. H. Herath and T. Herath, “Copula-based actuarial model for pricing cyber-insurance policies,” Insurance Markets Companies: Anal. Actuarial Comput., vol. 2, no. 1, pp. 7-20, 2011.
  14. A. Mukhopadhyay, S. Chatterjee, D. Saha, A. Mahanti, and S. K. Sadhukhan, “Cyber-risk decision models: To insure it or not?” Decision Support Syst., vol. 56, pp. 11-26, Dec. 2013.
  15. M. Xu and L. Hua. (2017). Cybersecurity Insurance: Modeling and Pricing. Online]. Available: https://www.soa.org/research-reports/ 2017/cybersecurity-insurance.
  16. M. Xu, L. Hua, and S. Xu, “A vine copula model for predicting the effectiveness of cyber defense early-warning,” Technometrics, vol. 59, no. 4, pp. 508-520, 2017.
  17. C. Peng, M. Xu, S. Xu, and T. Hu, “Modeling multivariate cybersecurity risks,” J. Appl. Stat., pp. 1-23, 2018.
  18. M. Eling and N. Loper?do, “Data breaches: Goodness of ?t, pricing, and risk measurement,” Insurance, Math. Econ., vol. 75, pp. 126-136, Jul. 2017.
  19. K. K. Bagchi and G. Udo, “An analysis of the growth of computer and Internet security breaches,” Commun. Assoc. Inf. Syst., vol. 12, no. 1, p. 46, 2003.
  20. E. Condon, A. He, and M. Cukier, “Analysis of computer security incident data using time series models,” in Proc. 19th Int. Symp. Softw. Rel. Eng. (ISSRE), Nov. 2008, pp. 77-86.
  21. Z. Zhan, M. Xu, and S. Xu, “A characterization of cybersecurity posture from network telescope data,” in Proc. 6th Int. Conf. Trusted Syst., 2014, pp. 105-126. Online]. Available: http://www.cs.utsa.edu/~shxu/socs/intrust14.pdf.
  22. Z. Zhan, M. Xu, and S. Xu, “Characterizing honeypot-captured cyber attacks: Statistical framework and case study,” IEEETrans. Inf. Forensics Security, vol. 8, no. 11, pp. 1775-1789, Nov. 2013.
  23. Z. Zhan, M. Xu, and S. Xu, “Predicting cyber attack rates with extreme values,” IEEE Trans. Inf. Forensics Security, vol. 10, no. 8, pp. 1666-1677, Aug. 2015.
  24. Y.-Z. Chen, Z.-G. Huang, S. Xu, and Y.-C. Lai, “Spatiotemporal patterns and predictability of cyberattacks,” PLoS ONE, vol. 10, no. 5, p. e0124472, 2015.
  25. C. Peng, M. Xu, S. Xu, and T. Hu, “Modeling and predicting extreme cyber attack rates via marked point processes,” J. Appl. Stat., vol. 44, no. 14, pp. 2534-2563, 2017.
  26. J. Z. Bakdash et al. (2017). “Malware in the future? forecasting analyst detection of cyber events.” Online]. Available: https://arxiv.org/abs/1707.03243.
  27. Y. Liu et al., “Cloudy with a chance of breach: Forecasting cyber security incidents,” in Proc. 24th USENIX Secur. Symp., Washington, DC, USA, 2015, pp. 1009-1024.
  28. R. Sen and S. Borle, “Estimating the contextual risk of data breach: An empirical approach,” J. Manage. Inf. Syst., vol. 32, no. 2, pp. 314-341, 2015.
  29. F. Bisogni, H. Asghari, and M. Eeten, “Estimating the size of the iceberg from its tip,” in Proc. Workshop Econ. Inf. Secur. (WEIS), La Jolla, CA, USA, 2017.
  30. R. F. Engle and J. R. Russell, “Autoregressive conditional duration: A new model for irregularly spaced transaction data,” Econometrica, vol. 66, no. 5, pp. 1127-1162, 1998.

International Journal of Scientific Research in Science, Engineering and Technology

Downloads

Published

2020-08-30

Issue

Volume 7, Issue 4, July-August-2020

Section

Research Articles

License

Copyright (c) IJSRSET

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
N. Ram Mohan, N. Praveen Kumar, " Predicting and Analysis of Phishing Attacks and Breaches In E-Commerce Websites, International Journal of Scientific Research in Science, Engineering and Technology(IJSRSET), Print ISSN : 2395-1990, Online ISSN : 2394-4099, Volume 7, Issue 4, pp.170-175, July-August-2020. Available at doi : https://doi.org/10.32628/IJSRSET207443