Malware in the Future? Forecasting of Analyst Detection of Cyber Events

There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate cyber attacks. A common approach is time-series forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyber attacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are analyst-detected and -verified occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset was analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on automated systems. Our data set consists of weekly counts of cyber events over approximately seven years. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives which are often endemic in other sources of data. Further, the higher-quality data could be used for a number for resource allocation, estimation of security resources, and the development of effective risk-management strategies. We used a Bayesian State Space Model for forecasting and found that events one week ahead could be predicted. To quantify bursts, we used a Markov model. Our findings of systematicity in analyst-detected cyber attacks are consistent with previous work using other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa

“This is the way ‘I’ create my passwords ...":does the endowment effect deter people from changing the way they create their passwords?

The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also "own", and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their over-estimating the \value" of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect.In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines

A sustainable village phone model to serve the rural developing world

Wireless technologies have created an unprecedented opportunity for rural customers in the developing world to solve their communication and information problems in an instantaneous, interactive and customized way. The framework of the study focuses on existing mobile village phone model in Bangladesh and suggests ways to make it sustainable through mobile information services marketing. The study has treated ‘village phone’ as a cost effective and interactive channel through which various time befitting information can be marketed to serve customers in the rural settings

Context-awareness for mobile sensing: a survey and future directions

The evolution of smartphones together with increasing computational power have empowered developers to create innovative context-aware applications for recognizing user related social and cognitive activities in any situation and at any location. The existence and awareness of the context provides the capability of being conscious of physical environments or situations around mobile device users. This allows network services to respond proactively and intelligently based on such awareness. The key idea behind context-aware applications is to encourage users to collect, analyze and share local sensory knowledge in the purpose for a large scale community use by creating a smart network. The desired network is capable of making autonomous logical decisions to actuate environmental objects, and also assist individuals. However, many open challenges remain, which are mostly arisen due to the middleware services provided in mobile devices have limited resources in terms of power, memory and bandwidth. Thus, it becomes critically important to study how the drawbacks can be elaborated and resolved, and at the same time better understand the opportunities for the research community to contribute to the context-awareness. To this end, this paper surveys the literature over the period of 1991-2014 from the emerging concepts to applications of context-awareness in mobile platforms by providing up-to-date research and future research directions. Moreover, it points out the challenges faced in this regard and enlighten them by proposing possible solutions

Willingness to Comply with Corporate Law: An Interdisciplinary Teaching Method in Higher Education

Using an innovation training project, an interdisciplinary cross-sectional teaching strategy was developed to enhance students’ willingness to comply with the law. Thirty-five business, finance and accounting teachers examined the effects of ethical education on 484 university students’ willingness to comply with corporate law. Ethical education was based on building students’ ethical decisions on three court judgments in the new Spanish Corporate Governance Code. The ethical training was carried out by developing and applying social justice counter arguments. This perspective allowed students to imagine what decisions other person could have taken if they had managed the company ethically. The results suggest that ethics education in higher education can improve the willingness to comply the law. This methodology can be applied to interdisciplinary departments teaching ethics in business, finance and accounting

Attachment Styles Within the Coach-Athlete Dyad: Preliminary Investigation and Assessment Development

The present preliminary study aimed to develop and examine the psychometric properties of a new sport-specific self-report instrument designed to assess athletes’ and coaches’ attachment styles. The development and initial validation comprised three main phases. In Phase 1, a pool of items was generated based on pre-existing self-report attachment instruments, modified to reflect a coach and an athlete’s style of attachment. In Phase 2, the content validity of the items was assessed by a panel of experts. A final scale was developed and administered to 405 coaches and 298 athletes (N = 703 participants). In Phase 3, confirmatory factor analysis of the obtained data was conducted to determine the final items of the Coach-Athlete Attachment Scale (CAAS). Confirmatory factor analysis revealed acceptable goodness of fit indexes for a 3-first order factor model as well as a 2-first order factor model for both the athlete and the coach data, respectively. A secure attachment style positively predicted relationship satisfaction, while an insecure attachment style was a negative predictor of relationship satisfaction. The CAAS revealed initial psychometric properties of content, factorial, and predictive validity, as well as reliability

Impact of Cross-listing on Local Stock Returns: Case of Russian ADRs

The paper examines the impact of American Depositary Receipt (ADR) listings on the return of the underlying Russian stocks. The contribution of this paper is twofold. First, it looks at a new sample of ADRs issued by Russian companies. Second, the technique used to estimate the market model is different from the previous studies. The returns are modeled to follow GARCH process, as opposed to the regular OLS procedure, which assumes homoscedasticity in residual returns. Average abnormal returns and cumulative average abnormal returns are calculated for the [-25, +25] event window, with the ADR listing date being the event date. The results indicate a significant negative abnormal local market return on an ADR listing day. The return volatilities after the listing are compared to those before the listing. Eleven out of sixteen companies experienced increased volatility of local returns after the cross-listing.http://deepblue.lib.umich.edu/bitstream/2027.42/40077/3/wp691.pd