Hostname: page-component-76fb5796d-vvkck Total loading time: 0 Render date: 2024-04-26T14:30:14.744Z Has data issue: false hasContentIssue false
  • English
  • Français

Multivariate Hawkes process for cyber insurance

Published online by Cambridge University Press:  17 June 2020

Yannick Bessy-Roland ,
Alexandre Boumezoued Open the ORCID record for Alexandre Boumezoued [Opens in a new window]  and
Caroline Hillairet
Yannick Bessy-Roland
Affiliation:
Milliman R&D, 14 Avenue de la Grande Armée, 75017Paris, France
Alexandre Boumezoued*
Affiliation:
Milliman R&D, 14 Avenue de la Grande Armée, 75017Paris, France
Caroline Hillairet
Affiliation:
CREST, UMR CNRS 9194, Ensae Paris, Avenue Henry Le Chatelier, 91120Palaiseau, France
*
*Corresponding author. E-mail: alexandre.boumezoued@milliman.com
Get access Rights & Permissions [Opens in a new window]

Abstract

In this paper, we propose a multivariate Hawkes framework for modelling and predicting cyber attacks frequency. The inference is based on a public data set containing features of data breaches targeting the US industry. As a main output of this paper, we demonstrate the ability of Hawkes models to capture self-excitation and interactions of data breaches depending on their type and targets. In this setting, we detail prediction results providing the full joint distribution of future cyber attacks times of occurrence. In addition, we show that a non-instantaneous excitation in the multivariate Hawkes model, which is not the classical framework of the exponential kernel, better fits with our data. In an insurance framework, this study allows to determine quantiles for number of attacks, useful for an internal model, as well as the frequency component for a data breach guarantee.

Keywords

Hawkes processCyber riskData breachesClusteringLasso inferencePredictionThinning algorithm
Type
Paper
Information
Annals of Actuarial Science , Volume 15 , Issue 1 , March 2021 , pp. 14 - 39
Copyright
© Institute and Faculty of Actuaries 2020

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Bacry, E., Mastromatteo, I. & Muzy, J.-F. (2015) Hawkes processes in finance. Market Microstructure and Liquidity, 1(01), 1550005.CrossRefGoogle Scholar
Baldwin, A., Gheyas, I., Ioannidis, C., Pym, D. & Williams, J. (2017). Contagion in cyber security attacks. Journal of the Operational Research Society, 68(07), 780791.CrossRefGoogle Scholar
Barsotti, F., Milhaud, X. & Salhi, Y. (2016). Lapse risk in life insurance: correlation and contagion effects among policyholdersâ behaviors. Insurance: Mathematics and Economics, 71, 317331.Google Scholar
Biener, C., Eling, M. & Wirfs, J.H. (2015). Insurability of cyber risk: an empirical analysis. The Geneva Papers on Risk and Insurance-Issues and Practice, 40(1), 131158.CrossRefGoogle Scholar
Böhme, R. & Kataria, G. (2006). Models and measures for correlation in cyber-insurance. In WEIS.Google Scholar
Brémaud, P. & Massoulié, L. (1996). Stability of nonlinear hawkes processes. The Annals of Probability, 24(3), 15631588.Google Scholar
Brémaud, P. & Massoulié, L. (2002). Power spectra of general shot noises and hawkes point processes with a random excitation. Advances in Applied Probability, 34(1), 205222.CrossRefGoogle Scholar
Boumezoued, A. (2016). Population viewpoint on Hawkes processes. Advances in Applied Probability, 48(2), 463480.CrossRefGoogle Scholar
Böhme, R. & Schwartz, G. (2010). Modeling cyber-insurance: Towards a unifying framework. In WEIS.Google Scholar
Daley, D.J. & Vere-Jones, D. (2007). An Introduction to the Theory of Point Processes: Volume II: General Theory and Structure. Springer Science & Business Media, Berlin. Google Scholar
Edwards, B., Hofmeyr, S. & Forrest, S. (2016). Hype and heavy tails: a closer look at data breaches. Journal of Cybersecurity, 2(1), 314.CrossRefGoogle Scholar
Eling, M. & Loperfido, N. (2017). Data breaches: goodness of fit, pricing, and risk measurement. Insurance: Mathematics and Economics, 75, 126136.Google Scholar
Eling, M. & Schnell, W. (2016). What do we know about cyber risk and cyber risk insurance? The Journal of Risk Finance, 17(5), 474491.CrossRefGoogle Scholar
Embrechts, P., Liniger, T. & Lin, L. (2011). Multivariate hawkes processes: an application to financial data. Journal of Applied Probability, 48(A), 367378.CrossRefGoogle Scholar
Errais, E., Giesecke, K. & Goldberg, L.R. (2010). Affine point processes and portfolio credit risk. SIAM Journal on Financial Mathematics, 1(1), 642665.CrossRefGoogle Scholar
Farkas, S., Lopez, O. & Thomas, M. (2020). Cyber claim analysis through generalised pareto regression trees with applications to insurance. Available online at the address https://hal.archives-ouvertes.fr/hal-02118080v2/document.Google Scholar
Fahrenwaldt, M.A., Weber, S. & Weske, K. (2018). Pricing of cyber insurance contracts in a network model. ASTIN Bulletin: The Journal of the IAA, 48(3), 11751218.CrossRefGoogle Scholar
Garcia, N.L. & Kurtz, T.G. (2008). Spatial point processes and the projection method. In V. Sidoravicius & M.E. Vares (Eds.), In and Out of Equilibrium 2. Progress in Probability (vol 60, pp. 271–298). Birkhäuser Basel.Google Scholar
Hainaut, D. (2016). A bivariate hawkes process for interest rate modeling. Economic Modelling, 57, 180196.CrossRefGoogle Scholar
Hardiman, S.J., Bercot, N. & Bouchaud, J.-P. (2013). Critical reflexivity in financial markets: a hawkes process analysis. The European Physical Journal B, 86(10), 442.CrossRefGoogle Scholar
Hawkes, A.G. (1971). Spectra of some self-exciting and mutually exciting point processes. Biometrika, 58(1), 8390.CrossRefGoogle Scholar
Herath, H. & Herath, T. (2011). Copula-based actuarial model for pricing cyber-insurance policies. Insurance Markets and Companies: Analyses and Actuarial Computations, 2(1), 720.Google Scholar
Homer, J., Zhang, S., Ou, X., Schmidt, D., Du, Y., Raj Rajagopalan, S. & Singhal, A. (2013). Aggregating vulnerability metrics in enterprise networks using attack graphs. Journal of Computer Security, 21(4), 561597.CrossRefGoogle Scholar
Jacobs, J. (2014). Analysing ponemon cost of data breach. In Data Driven Security, 11. Available online at the address http://datadrivensecurity.info/blog/posts/2014/Dec/ponemon/.Google Scholar
Jaisson, T. (2015). Market Activity and Price Impact Throughout Time Scales. PhD thesis, Ecole Polytechnique.Google Scholar
Jang, J. & Dassios, A. (2013). A bivariate shot noise self-exciting process for insurance. Insurance: Mathematics and Economics, 53(3), 524532.Google Scholar
Johnson, B., Böhme, R. & Grossklags, J. (2011). Security games with market insurance. In International Conference on Decision and Game Theory for Security (pp. 117130). Springer.CrossRefGoogle Scholar
Marotta, A., Martinelli, F., Nanni, S., Orlando, A. & Yautsiukhin, A. (2017). Cyber-insurance survey. Computer Science Review, 24, 3561.CrossRefGoogle Scholar
Maillart, T. & Sornette, D. (2010). Heavy-tailed distribution of cyber-risks. The European Physical Journal B, 75(3), 357364.CrossRefGoogle Scholar
Noel, S., Jajodia, S., Wang, L. & Singhal, A. (2010). Measuring security risk of networks using attack graphs. International Journal of Next-Generation Computing, 1(1), 135147.Google Scholar
Ozaki, T. (1979). Maximum likelihood estimation of hawkes’ self-exciting point processes. Annals of the Institute of Statistical Mathematics, 31(1), 145155.CrossRefGoogle Scholar
Peng, C., Xu, M., Xu, S. & Hu, T. (2017). Modeling and predicting extreme cyber attack rates via marked point processes. Journal of Applied Statistics, 44(14), 25342563.CrossRefGoogle Scholar
Riek, M., Böhme, R., Ciere, M., Ganan, C. & van Eeten, M. (2016). Estimating the costs of consumer-facing cybercrime: a tailored instrument and representative data for six eu countries. In Workshop on the Economics of Information Security (WEIS), University of California at Berkeley.Google Scholar
Rios Insua, D., Couce-Vieira, A., Rubio, J.A., Pieters, W., Labunets, K. & Rasines, D.G. (2019). An adversarial risk analysis framework for cybersecurity. Risk Analysis. doi:10.1111/risa.13331.Google ScholarPubMed
Rizoiu, M.-A., Lee, Y., Mishra, S. & Xie, L. (2017). A tutorial on hawkes processes for events in social media. arXiv preprint .Google Scholar
Romanosky, S. (2016). Examining the costs and causes of cyber incidents. Journal of Cybersecurity, 2(2), 121135.Google Scholar
Saini, D.K., Azad, I., Raut, N.B. & Hadimani, L.A. (2011). Utility implementation for cyber risk insurance modeling. In Proceedings of the World Congress on Engineering, vol. 1.Google Scholar
Stabile, G. & Torrisi, G.L. (2010). Risk processes with non-stationary hawkes claims arrivals. Methodology and Computing in Applied Probability, 12(3), 415429.CrossRefGoogle Scholar
Wang, S.S. (2019). Integrated framework for information security investment and cyber insurance. Pacific-Basin Finance Journal, 57, 101173.CrossRefGoogle Scholar
Xu, M. & Hua, L. (2019). Cybersecurity insurance: modeling and pricing. North American Actuarial Journal, 23(2), 220249.CrossRefGoogle Scholar