SPATIO-TEMPORAL ANALYSIS OF DEPENDENT RISK WITH AN APPLICATION TO CYBERATTACKS DATA

Cybersecurity is an important issue given the increasing risks due to cyberattacks in many areas. Cyberattacks could result in huge losses such as data breaches, failures in the control systems of infrastructures, physical damages in manufacturing industries, etc. As a result, cybersecurity-related research has grown rapidly for in-depth analysis. One main interest is to understand the correlated nature of cyberattack data. To understand such characteristics, we propose a spatio-temporal model for the hostwisely aggregated cyberattack data by incorporating the characteristics of the attackers. We develop a new dissimilarity measure as a proxy of spatial distance to be integrated into the model. The proposed model can be considered as a spatial extension of the GARCH model. The estimation is carried out using a Bayesian approach, which is demonstrated to work well in simulations. The proposed model is applied to publicly available honeypot data after the data are divided by selected features of the attackers via clustering. The estimated model parameters vary by groups of attackers, which was not revealed by modeling the entire dataset.