22 research outputs found

    Predictive Methods in Cyber Defense: Current Experience and Research Challenges

    Predictive analysis allows next-generation cyber defense that is more proactive than current approaches based on intrusion detection. In this paper, we discuss various aspects of predictive methods in cyber defense and illustrate them on three examples of recent approaches. The first approach uses data mining to extract frequent attack scenarios and uses them to project ongoing cyberattacks. The second approach uses a dynamic network entity reputation score to predict malicious actors. The third approach uses time series analysis to forecast attack rates in the network. This paper presents a unique evaluation of the three distinct methods in a common environment of an intrusion detection alert sharing platform, which allows for a comparison of the approaches and illustrates the capabilities of predictive analysis for current and future research and cybersecurity operations. Our experiments show that all three methods achieved a sufficient technology readiness level for experimental deployment in an operational setting with promising accuracy and usability. Namely prediction and projection methods, despite their differences, are highly usable for predictive blacklisting, the first provides a more detailed output, and the second is more extensible. Network security situation forecasting is lightweight and displays very high accuracy, but does not provide details on predicted events

    Analysis of the Infection and the Injection Phases of the Telnet Botnets

    With the number of Internet of Things devices increasing, also the number of vulnerable devices connected to the Internet increases. These devices can become part of botnets and cause damage to the Internet infrastructure. In this paper we study telnet botnets and their behaviour in the first two stages of its lifecycle - initial infection, and secondary infection. The main objective of this paper is to determine specific attributes of their behavior during these stages and design a model for profiling threat agents into telnet botnets groups. We implemented a telnet honeynet and analyzed collected data. Also, we applied clustering methods for security incident profiling. We consider K-modes and PAM clustering algorithms. We found out that a number of sessions and credential guessing are easily collected and usable attributes for threat agents profiling

    Reducing the environmental impact of surgery on a global scale: systematic review and co-prioritization with healthcare workers in 132 countries

    Abstract Background Healthcare cannot achieve net-zero carbon without addressing operating theatres. The aim of this study was to prioritize feasible interventions to reduce the environmental impact of operating theatres. Methods This study adopted a four-phase Delphi consensus co-prioritization methodology. In phase 1, a systematic review of published interventions and global consultation of perioperative healthcare professionals were used to longlist interventions. In phase 2, iterative thematic analysis consolidated comparable interventions into a shortlist. In phase 3, the shortlist was co-prioritized based on patient and clinician views on acceptability, feasibility, and safety. In phase 4, ranked lists of interventions were presented by their relevance to high-income countries and low–middle-income countries. Results In phase 1, 43 interventions were identified, which had low uptake in practice according to 3042 professionals globally. In phase 2, a shortlist of 15 intervention domains was generated. In phase 3, interventions were deemed acceptable for more than 90 per cent of patients except for reducing general anaesthesia (84 per cent) and re-sterilization of ‘single-use’ consumables (86 per cent). In phase 4, the top three shortlisted interventions for high-income countries were: introducing recycling; reducing use of anaesthetic gases; and appropriate clinical waste processing. In phase 4, the top three shortlisted interventions for low–middle-income countries were: introducing reusable surgical devices; reducing use of consumables; and reducing the use of general anaesthesia. Conclusion This is a step toward environmentally sustainable operating environments with actionable interventions applicable to both high– and low–middle–income countries

    A procedure for combining zero and sign restrictions in a VAR-identification scheme

    In this paper we describe a procedure for implementing zero restrictions within the context of a sign restrictions identification scheme for VARs. The procedure introduces an additional step into the algorithm outlined in Fry and Pagan (2011) and Rubio-Ramirez et al (2006) for implementing sign restrictions. This extra step involves rotating a candidate identification matrix using Givens rotation matrices to introduce zero restrictions. We then check whether the elements of the candidate matrix satisfy the sign restrictions as usual. We illustrate how our procedure works by generating artificial data from the theoretical model of An and Schorfheide (2007), which implies certain restrictions on the impact of its structural shocks on the model's endogenous variables. We exploit our knowledge of that pattern to identify structural shocks from the reduced-form errors of a VAR estimated on the simulated data. Imposing zero restrictions, as well as sign restrictions, can be useful – and in some cases essential – for identifying economically-interpretable – `structural' – shocks from the reduced-form innovations to a VAR. This is because it is often the case that an economic theory used to motivate these identifying restrictions implies certain variables do not respond at all to some shocks. For example, in the An and Schorfheide (2007) model we consider, shocks to government spending have no effect on inflation or the nominal interest rate – i.e. the impulse response is zero. Therefore, to obtain accurate, empirical estimates of the government spending shock in this model using a structural VAR estimated on data for its observable variables, it would be necessary to impose a zero restriction on the response of inflation and the nominal interest rate to the shock identified with government spending

    Fan charts 2.0: Flexible forecast distributions with expert judgement

    I propose a new model, conditional quantile regression (CQR), that generates density forecasts consistent with a specific view of the future evolution of some variables. This addresses a shortcoming of existing quantile regression-based models, for example the at-risk framework popularised by Adrian et al. (2019), when used in settings, such as most forecasting processes within central banks and similar institutions, that require forecasts to be conditional on a set of technical assumptions. Through an application to house price inflation in the euro area, I show that CQR provides a viable alternative to existing approaches to conditional density forecasting, notably Bayesian VARs, with considerable advantages in terms of flexibility and additional insights that do not come at the cost of forecasting performance

    Attention to the tail(s): Global financial conditions and exchange rate risks

    We document how the distribution of exchange rate returns responds to changes in global financial conditions. We measure global financial conditions as the common component of country-specific financial condition indices, computed consistently across a large panel of developed and emerging economies. Based on quantile regression results, we provide a characterisation and ranking of the tail behaviour of a large sample of currencies in response to a tightening of global financial conditions, corroborating (and quantifying) some of the prevailing narratives about safe haven and risky currencies. Our approach delivers a more nuanced picture than one based on standard OLS regression. We then carry out a portfolio sorting exercise to identify the macroeconomic fundamentals associated with such different tail behaviour, and find that currency portfolios sorted on the basis of net foreign asset positions, relative interest rates, current account balances and levels of international reserves display a higher likelihood of large losses in response to a tightening of global financial conditions

    How Does International Capital Flow?

    Understanding gross capital flows is increasingly viewed as crucial for both macroeconomic and financial stability policies, but theory is lagging behind many key policy debates. We fill this gap by developing a two-country DSGE model that tracks domestic and cross-border gross positions between banks and households, with explicit settlement of all transactions through banks. We formalise the conceptual distinction between cross-border saving and financing, which often move in opposite directions in response to shocks. This matters for at least four policy debates. First, current accounts are poor indicators of financial vulnerability, because in a crisis, creditors stop financing debt rather than current accounts, and because following a crisis, current accounts are not the primary channel through which balance sheets adjust. Second, we reinterpret the global saving glut hypothesis by arguing that US households do not finance current account deficits with foreigners' physical saving, but with digital purchasing power, created by banks that are more likely to be domestic than foreign. Third, Triffin's current account dilemma is not in fact a dilemma, because the creation of additional US dollars requires dollar credit creation by US and non-US banks rather than US current account deficits. Finally, we demonstrate that the observed high correlation of gross capital inflows and outflows is overwhelmingly an automatic consequence of double entry bookkeeping, rather than the result of two separate sets of economic decisions

    Striking a bargain: Narrative identification of wage bargaining shocks

    We quantify the effects of wage bargaining shocks on macroeconomic aggregates using a structural vector auto-regression model for Germany. We identify exogenous variation in bargaining power from episodes of minimum wage introduction and industrial disputes. This narrative information disciplines the impulse responses to a wage bargaining shock of unemployment and output, and sharpens inference on the behaviour of other variables. The implied transmission mechanism is in line with the theoretical predictions of a large class of search and matching models. We also find that wage bargaining shocks explain a sizeable share of aggregate fluctuations in unemployment and inflation, that their pass-through to prices is very close to being full, and that they imply plausible dynamics for the vacancy rate, firms' profits, and the labour share