TY - GEN
T1 - Estimating systematic risk in real-world networks
AU - Laszka, Aron
AU - Johnson, Benjamin
AU - Grossklags, Jens
AU - Felegyhazi, Mark
N1 - Funding Information:
This research was partly supported by the Penn State Institute for CyberScience, and the National Science Foundation under ITR award CCF-0424422 (TRUST). We also thank the reviewers for their comments on an earlier draft of the paper.
Publisher Copyright:
© International Financial Cryptography Association 2014.
PY - 2014
Y1 - 2014
N2 - Social, technical and business connections can all give rise to security risks. These risks can be substantial when individual compromises occur in combinations, and difficult to predict when some connections are not easily observed. A significant and relevant challenge is to predict these risks using only locally-derivable information. We illustrate by example that this challenge can be met if some general topological features of the connection network are known. By simulating an attack propagation on two large real-world networks, we identify structural regularities in the resulting loss distributions, from which we can relate various measures of a network’s risks to its topology. While deriving these formulae requires knowing or approximating the connective structure of the network, applying them requires only locally-derivable information. On the theoretical side, we show that our risk-estimating methodology gives good approximations on randomly-generated scale-free networks with parameters approximating those in our study. Since many real-world networks are formed through preferential attachment mechanisms that yield similar scale-free topologies, we expect this methodology to have a wider range of applications to risk management whenever a large number of connections is involved.
AB - Social, technical and business connections can all give rise to security risks. These risks can be substantial when individual compromises occur in combinations, and difficult to predict when some connections are not easily observed. A significant and relevant challenge is to predict these risks using only locally-derivable information. We illustrate by example that this challenge can be met if some general topological features of the connection network are known. By simulating an attack propagation on two large real-world networks, we identify structural regularities in the resulting loss distributions, from which we can relate various measures of a network’s risks to its topology. While deriving these formulae requires knowing or approximating the connective structure of the network, applying them requires only locally-derivable information. On the theoretical side, we show that our risk-estimating methodology gives good approximations on randomly-generated scale-free networks with parameters approximating those in our study. Since many real-world networks are formed through preferential attachment mechanisms that yield similar scale-free topologies, we expect this methodology to have a wider range of applications to risk management whenever a large number of connections is involved.
UR - http://www.scopus.com/inward/record.url?scp=84950307178&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84950307178&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-45472-5_27
DO - 10.1007/978-3-662-45472-5_27
M3 - Conference contribution
AN - SCOPUS:84950307178
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 417
EP - 435
BT - Financial Cryptography and Data Security - 18th International Conference, FC 2014, Revised Selected Papers
A2 - Christin, Nicolas
A2 - Safavi-Naini, Reihaneh
PB - Springer Verlag
T2 - 18th International Conference on Financial Cryptography and Data Security, FC 2014
Y2 - 3 March 2014 through 7 March 2014
ER -