Analysis of business demography using markov chains : an application to Belgian data

This paper applies the theory of finite Markov chains to analyse the demographic evolution of Belgian enterprises. While other methodologies concentrate on the entry and exit of firms, the Markov approach also analyses migrations between economic sectors. Besides helping to provide a fuller picture of the evolution of the population, Markov chains also enable forecasts of its future composition to be made, as well as the computation of average lifetimes of companies by branch of activity. The method is applied to Belgian data from the Crossroads Bank for Enterprises (CBE). To ensure compliance with Eurostat-OECD definitions, only 'active' enterprises, i.e. enterprises with a positive turnover and/or at least one employee, are considered. The forecasting method is applied to simulate the demographic evolution of the CBE population between 2000 and 2006. This simulation seems to match well the observed changes. Taking migrations into account yields better forecasts than if they are not considered. Moreover, several off-diagonal percentages in the transition matrix are sigificantly different from zero. A case study shows that these migrations are changes in main activity and not the consequence of corrections of wrongly classified firms. Next, the average remaining lifetime and the average age of enterprises in a particular branch of activity is computed and analysed. These lifetimes and ages differ considerably across branches. As expected the life-times of public services are longer than average. Shorter lifetimes combined with an increasing number of enterprises is an indication of renewal inside the branch. A low average age is a sign of relatively new branches. Comparing age to total expected lifetime yields an indicator of closeness to extinction. This might be an indicator of the maturity of the branch. The method is more generally applicable in the sense that it can be used to analyse other populations than those from the CBE and other partitions of the populationBusiness demography, Markov chains, Transition matrix

Malware in the Future? Forecasting of Analyst Detection of Cyber Events

There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate cyber attacks. A common approach is time-series forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyber attacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are analyst-detected and -verified occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset was analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on automated systems. Our data set consists of weekly counts of cyber events over approximately seven years. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives which are often endemic in other sources of data. Further, the higher-quality data could be used for a number for resource allocation, estimation of security resources, and the development of effective risk-management strategies. We used a Bayesian State Space Model for forecasting and found that events one week ahead could be predicted. To quantify bursts, we used a Markov model. Our findings of systematicity in analyst-detected cyber attacks are consistent with previous work using other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa

Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence

We propose a novel approach for statistical risk modeling of network attacks that lets an operator perform risk analysis using a data model and an impact model on top of an attack graph in combination with a statistical model of the attacker community exploitation skill. The data model describes how data flows between nodes in the network -- how it is copied and processed by softwares and hosts -- while the impact model models how exploitation of vulnerabilities affects the data flows with respect to the confidentiality, integrity and availability of the data. In addition, by assigning a loss value to a compromised data set, we can estimate the cost of a successful attack. The statistical model lets us incorporate real-time monitor data from a honeypot in the risk calculation. The exploitation skill distribution is inferred by first classifying each vulnerability into a required exploitation skill-level category, then mapping each skill-level into a distribution over the required exploitation skill, and last applying Bayesian inference over the attack data. The final security risk is thereafter computed by marginalizing over the exploitation skill

Extending Credit Risk (Pricing) Models for the Simulation of Portfolios of Interest Rate and Credit Risk Sensitive Securities

We discuss extensions of intensity based models for pricing credit risk and derivative securities to the simulation and valuation of portfolios. The stochasticity in interest rates, credit spreads (default intensities) and rating migrations are incorporated in a unified framework. Scenarios of future prices of all securities are calculated in a risk-neutral world. The calculated prices are consistent with observed prices and the term structure of default free and defaultable interest rates. Three applications are discussed: (i) study of the inter-temporal price sensitivity of credit bonds to changes in interest rates, default probabilities, recovery rates and rating migration, (ii) portfolio simulations with attribution of changes to credit events and interest rates and, (iii) tracking of corporate bond indices. Key words: credit risk, default risk, simulation, integrated product management

Bayesian Poisson Log-Bilinear Mortality Projections

Mortality projections are major concerns for public policy, social security and private insurance. This paper implements a Bayesian log-bilinear Poisson regression model to forecast mortality. Computations are carried out using Markov Chain Monte Carlo methods in which the degree of smoothing is learnt from the data. Comparisons are made with the approach proposed by Brouhns, Denuit & Vermunt (2002a,b), as well as with the original model of Lee & Carter (1992)

Characterization of Model-Based Detectors for CPS Sensor Faults/Attacks

A vector-valued model-based cumulative sum (CUSUM) procedure is proposed for identifying faulty/falsified sensor measurements. First, given the system dynamics, we derive tools for tuning the CUSUM procedure in the fault/attack free case to fulfill a desired detection performance (in terms of false alarm rate). We use the widely-used chi-squared fault/attack detection procedure as a benchmark to compare the performance of the CUSUM. In particular, we characterize the state degradation that a class of attacks can induce to the system while enforcing that the detectors (CUSUM and chi-squared) do not raise alarms. In doing so, we find the upper bound of state degradation that is possible by an undetected attacker. We quantify the advantage of using a dynamic detector (CUSUM), which leverages the history of the state, over a static detector (chi-squared) which uses a single measurement at a time. Simulations of a chemical reactor with heat exchanger are presented to illustrate the performance of our tools.Comment: Submitted to IEEE Transactions on Control Systems Technolog

The Role of Credibility and Fundamentals in a Funded Pension System: A Markov Switching Analysis for Australia and Iceland

Since the turn of the millennium the problem of credibility of the social security system has spread to the private pension funds sector. This is evident for those countries, like Australia and Iceland, that have very large funded pensions assets as a result of strong pension reforms. The problem of trust could prevent pension fund investment from continuing to grow, weakening the privatization of the social security system. The objective of this study is to obtain new insights into the determinants of pension funds. We focus our analysis on the Australian and Icelandic experiences to study the credibility of pension fund performance and, as a consequence, of pension reform. Our credibility indicator is derived from a CAPM time-varying model. It can be used to investigate, using a Markov switching model, the linkages between economic fundamentals and the credibility of pension fund investment and the asymmetric effects of the fundamentals in the two regimes of low and hight credibillity. Our findings make a contribution to modelling policy credibility as a non-linear process with two distinct regimes. We also found large differences in the value of the coefficients for all macroeconomic variables between the low and high credibility regimes. This evidence strongly supports the hypothesis that the effects of macroeconomic fundamental variables on the level of credibility are asymmetric in all countries.Credibility, pension funds, Kalman filter, Markov switching model