Maochao Xu

Stochastic comparisons of parallel systems when components have proportional hazard rates

Let X1, …, Xn be independent random variables with Xi having survival function Fλi, i = 1, …, n, and let Y1, …,Yn be a random sample with common population survival distribution Fλ, where λ=Σi=1 nλi/n. Let Xn:n and Yn:n denote the lifetimes of the parallel systems consisting of these components, respectively. It is shown that Xn:n is greater than Yn:n in terms of likelihood ratio order. It is also proved that the sample range Xn:n X1:n is larger than Yn:n Y1:n according to reverse hazard rate ordering. These two results strengthen and generalize the results in Dykstra, Kochar, and Rojo [6] and Kochar and Rojo [11], respectively.

Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study

Rigorously characterizing the statistical properties of cyber attacks is an important problem. In this paper, we propose the first statistical framework for rigorously analyzing honeypot-captured cyber attack data. The framework is built on the novel concept of stochastic cyber attack process, a new kind of mathematical objects for describing cyber attacks. To demonstrate use of the framework, we apply it to analyze a low-interaction honeypot dataset, while noting that the framework can be equally applied to analyze high-interaction honeypot data that contains richer information about the attacks. The case study finds, for the first time, that long-range dependence (LRD) is exhibited by honeypot-captured cyber attacks. The case study confirms that by exploiting the statistical properties (LRD in this case), it is feasible to predict cyber attacks (at least in terms of attack rate) with good accuracy. This kind of prediction capability would provide sufficient early-warning time for defenders to adjust their defense configurations or resource allocations. The idea of “gray-box” (rather than “black-box”) prediction is central to the utility of the statistical framework, and represents a significant step towards ultimately understanding (the degree of) the predictability of cyber attacks.

On the right spread order of convolutions of heterogeneous exponential random variables

A sufficient condition for comparing convolutions of heterogeneous exponential random variables in terms of right spread order is established. As a consequence, it is shown that a convolution of heterogeneous independent exponential random variables is more skewed than that of homogeneous exponential random variables in the sense of NBUE order. This gives a new insight into the distribution theory of convolutions of independent random variables. A sufficient condition is also derived for comparing such convolutions in terms of Lorenz order.

On residual lifetimes of k-out-of-n systems with nonidentical components

In this article, mixture representations of survival functions of residual lifetimes of k-out-of-n systems are obtained when the components are independent but not necessarily identically distributed. Then we stochastically compare the residual lifetimes of k-out-of-n systems in one-and two-sample problems. In particular, the results extend some results in Li and Zhao [14], Khaledi and Shaked [13], Sadegh [17], Gurler and Bairamov [7] and Navarro, Balakrishnan, and Samaniego [16]. Applications in the proportional hazard rates model are presented as well.

Some unified results on comparing linear combinations of independent gamma random variables

In this paper, a new sufficient condition for comparing linear combinations of independent gamma random variables according to star ordering is given. This unifies some of the newly proved results on this problem. Equivalent characterizations between various stochastic orders are established by utilizing the new condition. The main results in this paper generalize and unify several results in the literature including those of Amiri, Khaledi, and Samaniego [2], Zhao [18], and Kochar and Xu [9].

An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems

Abstract Quantitative security analysis of networked computer systems has been an open problem in computer security for decades. Recently, a promising approach was proposed in [Li et al. 11], which, however, made some strong assumptions including the exponential distribution of, and the independence among, the relevant random variables. In this paper, we substantially weaken these assumptions while offering, in addition to the same types of analytical results as in [Li et al. 11], methods for obtaining the desired security quantities in practice. Moreover, we investigate the problem from a higher-level abstraction, which also leads to both analytical results and practical methods for obtaining the desired security quantities. These should represent a significant step toward ultimately solving the problem of quantitative security analysis of networked computer systems.

Stochastic Comparisons of Spacings from Heterogeneous Samples

In this paper we review some of the recently obtained results in the area of stochastic comparisons of sample spacings when the observations are not necessarily identically distributed. A few new results on necessary and sufficient conditions for various stochastic orderings among spacings are also given. The paper is concluded with some examples and applications.

A Characterization of Cybersecurity Posture from Network Telescope Data

Data-driven understanding of cybersecurity posture is an important problem that has not been adequately explored. In this paper, we analyze some real data collected by CAIDAs network telescope during the month of March 2013. We propose to formalize the concept of cybersecurity posture from the perspectives of three kinds of time series: the number of victims i.e., telescope IP addresses that are attacked, the number of attackers that are observed by the telescope, and the number of attacks that are observed by the telescope. Characterizing cybersecurity posture therefore becomes investigating the phenomena and statistical properties exhibited by these time series, and explaining their cybersecurity meanings. For example, we propose the concept of sweep-time, and show that sweep-time should be modeled by stochastic process, rather than random variable. We report that the number of attackers and attacks from a certain country dominates the total number of attackers and attacks that are observed by the telescope. We also show that substantially smaller network telescopes might not be as useful as a large telescope.

A new approach to modeling and analyzing security of networked systems

Modeling and analyzing security of networked systems is an important problem in the emerging Science of Security and has been under active investigation. In this paper, we propose a new approach towards tackling the problem. Our approach is inspired by the shock model and random environment techniques in the Theory of Reliability, while accommodating security ingredients. To the best of our knowledge, our model is the first that can accommodate a certain degree of adaptiveness of attacks, which substantially weakens the often-made independence and exponential attack inter-arrival time assumptions. The approach leads to a stochastic process model with two security metrics, and we attain some analytic results in terms of the security metrics.

Cyber Epidemic Models with Dependences

Studying models of cyber epidemics over arbitrary complex networks can deepen our understanding of cyber security from a whole-system perspective. In this work, we initiate the investigation of cyber epidemic models that accommodate the dependences between the cyber attack events. Due to the notorious difficulty in dealing with such dependences, essentially all existing cyber epidemic models have disregarded them. Specifically, we introduce the idea of copulas into cyber epidemic models for accommodating the dependences between the cyber attack events. We investigate the epidemic equilibrium thresholds as well as the bounds for both equilibrium and nonequilibrium infection probabilities. We further characterize the side effects of disregarding the due dependences between the cyber attack events by showing that the results thereof are unnecessarily restrictive or even incorrect.