INTERNSHIP REPORT ON

MODELING AND PREDICTING THE CYBER HACKING

BREACHES WITH PYTHON
A report submitted in partial fulfillment of the requirements for the Award of Degree of

BACHELOR OF TECHNOLOGY
IN
COMPUTER SCIENCE AND ENGINEERING
By
V.SAI RAMESH
Regd. No.: 22671A0553

Under Supervision of
Mr. Srinivas ,
Vcube Pvt . Ltd, Hyderabad.
(Duration: 11th October, 2023 to 8th December, 2023)

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

J.B. INSTITUTE OF ENGINEERING AND TECHNOLOGY
(UGC Autonomous) Approved by AICTE, Accredited by NBA & NAAC Permanently affiliated to
JNTUH, Hyderabad, Telangana
2022-2026
 DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
J.B. INSTITUTE OF ENGINEERING AND TECHNOLOGY
(UGC Autonomous)

CERTIFICATE

This is to certify that the Internship report entitled “MODELING AND

PREDICTING THE CYBER HACKING BREACHES WITH PYTHON”
submitted by V.SAI RAMESH (Regd. No.22671A0553 ) is work done by him and
submitted during academic year 2023 – 2024, in partial fulfillment of the requirements
for the award of the degree of BACHELOR OF TECHNOLOGY in COMPUTER
SCIENCE AND ENGINEERING, at VCUBE Pvt Ltd., Hyderabad.

Mr.B.UPENDRA Dr. G. SREENIVASULU

Assistant professor & Internship Co-oridinator Associate Professor & HOD
Department of CSE Department of CSE
 ACKNOWLEDGEMENT

First I would like to thank Mr. SRINIVAS, VCUBE Pvt . Ltd., Hyderabad for giving
me the opportunity to do an internship within the organization.

I also like to thank all the people that worked along with me VCUBE Pvt . Ltd.., with
their patience and openness they created an enjoyable working environment.

It is indeed with a great sense of pleasure and immense sense of gratitude that I
acknowledge the help of these individuals.

I would like to thank Mr.B. UPENDRA, internship coordinator, Department of

COMPUTER SCIENCE AND ENGINEERING for his support and advices to get
and complete internship in above said organization. I am extremely great full to my
department, staff members and friends who helped me in successful completion of this
internship.

I would like to thank my Head of the Department Dr. G. SREENIVASULU for his
constructive criticism throughout my internship. I am highly indebted to Principal Dr.
P.C.KRISHNAMACHARY, for the facilities provided to accomplish this internship.

V.SAI RAMESH
22671A0553
 INTERNSHIP OBJECTIVES

One of the main objectives of an internship is to expose you to a particular job and a
profession or industry. While you might have an idea about what a job is like, you
won’t know until you actually perform it if it’s what you thought it was, if you have the
training and skills to do it and if it’s something you like. For example, you might think
that advertising is a creative process that involves coming up with slogans and fun
campaigns. Taking an internship at an advertising agency would help you find that
advertising includes consumer demographic research, focus groups, knowledge of a
client’s pricing and distribution strategies, and media research and buying. When you
apply for jobs, the more experience and accomplishments you have, the more attractive
you’ll look to a potential employer. Just because you have an internship with a specific
title or well-known company doesn’t mean your internship will help you land a nice gig.
Make an impact where you work by asking for responsibility and looking for ways to
achieve accomplishments. Be willing to work more hours than you’re required and ask
to work in different departments to expand your skill set. Don’t just fetch coffee, make
copies and sit in on meetings, even if that’s all it will take to finish your internship.
Another benefit of an internship is developing business contacts. These people can help
you find a job later, act as references or help you with projects after you’re hired
somewhere else. Meet the people who have jobs you would like some day and ask them
if you can take them to lunch. Ask them how they started their careers, how they got to
where they are now and if they have any suggestions for you to improve your skills.
 TABLE OF CONTENTS

S.NO TOPICS PAGE-NO

1. ABSTRACT 1

2. INTRODUCTION 2

3. SYSTEM ANALYSIS 3-4

4. SYSTEM REQUIRMENTS 5

5. TECHNOLOGIES 6-9

6. ORGANIZATION INFORMATION 10

7. WEEKLY REPORT 11-12

8. CODING 13-18

9. SCREENSHOTS 19-26

10. CONCLUSION 27

11. BIBLOGRAPHY 28-29

 ABSTRACT

Analyzing cyber incident data sets is an important method for deepening our
understanding of the evolution of the threat situation. This is a relatively new research
topic, and many studies remain to be done. In this paper, we report a statistical analysis
of a breach incident data set corresponding to 12 years (2005–2017) of cyber hacking
activities that include malware attacks. We show that, in contrast to the findings
reported in the literature, both hacking breach incident inter-arrival times and breach
sizes should be modeled by stochastic processes, rather Than by distributions because
they exhibit autocorrelations. Then, we propose particular stochastic process models to,
respectively, fit the inter-arrival times and the breach sizes. We also show that these
models can predict the inter-arrival times and the breach sizes. In order to get deeper
insights into the evolution of hacking breach incidents, we conduct both qualitative and
quantitative trend analyses on the data set. We draw a set of cyber security insights,
including that the threat of cyber hacks is indeed getting worse in terms of their
frequency, but not in terms of the magnitude of their damage.

1
 INTRODUCTION

Cyber hacking is an effort to take advantage of a computing system or a personal

network inside a computer.it is the unauthorised access to regulate over network
security system for a few illicit purpose.the data breaches are sensitive,confidential or
otherwise protected data has been accessed in an unauthorized fashion.cyber attack is
an assault launched by cybercriminals using one or multiple computers or networks.a
data breach is a confirmed incident in which sensitive ,confidential protected data has
been accessed or disclosed in an unauthorized fashion.Data breaches may involve
personal health information,trade secrates.Breach of privacy laws can expose
individuals to risks such as embarrassment,lossof employment opportunity,loss of
business opportunity,physical risks to safety and identity theft.a data breach occurs
when a cybercriminal successfully infiltrates a data source and extracts sensitive
information.this can be done physically by accessing a computer or network to steal
local files or by bypassing network security remotely.data breaches are becoming more
and more common and some of the most recent data breaches have been the largest on
record to date.DATA breaches are one of the most devastating cyber incidents. The
Privacy Rights Clearinghouse reports 7,730 data breaches between 2005 and 2017,
accounting for 9,919,228,821 breached records. The Identity Theft Resource Center
and Cyber Scout reports 1,093 data breach incidents in 2016, which is 40% higher than
the 780 data breach incidents in 2015.Data breaches expose 4.1 billion records in first
six month of 2019.the first six month of 2019 have seen more than 3800 publicly
disclosed breaches exposing an incredible 4.1 billion compromised records. In 2019,the
number of data breaches in the united states amounted to 1,473 with over 164.68
million sensitive records exposed.data breaches have gained attention with the
increasing use of digital files and companies and users large reliance on digital
data.State of breach January 2020:at least 7.9 billion records,including credit card
numbers,home addresses,phone numbers and other highly sensitive information,have
been exposed through data breaches since 2019

2
 SYSTEM ANALYSIS

EXISTING SYSTEM:
The present study is motivated by several questions that have not been investigated
until now, such as: Are data breaches caused by cyber-attacks increasing, decreasing,
or stabilizing? A principled answer to this question will give us a clear insight into the
overall situation of cyber threats. This question was not answered by previous studies.
Specifically, the dataset analyzed in [7] only covered the time span from 2000 to 2008
and does not necessarily contain the breach incidents that are caused by cyber-attacks;
the dataset analyzed in [9] is more recent, but contains two kinds of incidents:
negligent breaches (i.e., incidents caused by lost, discarded, stolen devices and other
reasons) and malicious breaching. Since negligent breaches represent more human
errors than cyber-attacks, we do not consider them in the present study. Because the
malicious breaches studied in [9] contain four sub-categories: hacking (including
malware), insider, payment card fraud, and unknown, this study will focus on the
hacking sub-category (called hacking breach dataset thereafter), while noting that the
other three sub-categories are interesting on their own and should be analyzed
separately.
DISADVANTAGES OF EXISTING SYSTEM:
Recently, researchers started modeling data breach incidents. Maillart and Sornette
studied the statistical properties of the personal identity losses in the United States
between year 2000 and 2008. They found that the number of breach incidents
dramatically increases from 2000 to July 2006 but remains stable thereafter. Edwards
et al. analyzed a dataset containing 2,253 breach incidents that span over a decade
(2005 to 2015). They found that neither the size nor the frequency of data breaches has
increased over the years. Wheatley et al., analyzed a dataset that is combined from
corresponds to organizational breach incidents between year 2000 and 2015. They
found that the frequency of large breach incidents (i.e., the ones that breach more than
50,000 records) occurring to US firms is independent of time, but the frequency of
large breach incidents occurring to non-US firms exhibits an increasing trend.
3
PROPOSED SYSTEM:
In this paper, we make the following three contributions. First, we show that
both the hacking breach incident interarrival times (reflecting incident frequency) and
breach sizes should be modeled by stochastic processes, rather than by distributions.
We find that a particular point process can adequately describe the evolution of the
hacking breach incidents inter-arrival times and that a particular ARMA-GARCH
model can adequately describe the evolution of the hacking breach sizes, where ARMA
is acronym for “Auto Regressive and Moving Average” and GARCH is acronym for
“Generalized Auto Regressive Conditional Heteros keda sticity.”We show that these
stochastic process models can predict the inter-arrival times and the breach sizes. To
the best of our knowledge, this is the first paper showing that stochastic processes,
rather than distributions, should be used to model these cyber threat factors. Second,
we discover a positive dependence between the incidents inter-arrival times and the
breach sizes, and show that this dependence can be adequately described by a
particular copula. We also show that when predicting inter-arrival times and breach
sizes, it is necessary to consider the dependence; otherwise, the prediction results are
not accurate. To the best of our knowledge, this is the first work showing the existence
of this dependence and the consequence of ignoring it. Third, we conduct both
qualitative and quantitative trend analyses of the cyber hacking breach incidents.
ADVANTAGES OF PROPOSED SYSTEM:
We find that the situation is indeed getting worse in terms of the incidents inter-
arrival time because hacking breach incidents become more and more frequent, but the
situation is stabilizing in terms of the incident breach size, indicating that the damage
of individual hacking breach incidents will not get much worse. We hope the present
study will inspire more investigations, which can offer deep insights into alternate risk
mitigation approaches. Such insights are useful to insurance companies, government
agencies, and regulators because they need to deeply understand the nature of data
breach risks.

4
 SYSTEM SPECIFICATION

HARDWARE REQUIREMENTS:

 System : Pentium IV 2.4 GHz.

 Hard Disk : 40 GB.

 Monitor : 14’ Colour Monitor.

 Mouse : Optical Mouse.

 Ram : 4GB.

SOFTWARE REQUIREMENTS:

 Operating system : Windows 10.

 Coding Language : Python.

 Front-End : Python

 Designing : Html,css,javascript.

 Data Base : MySQL

5
 TECHNOLOGIES

PYTHON
Python is a general-purpose interpreted, interactive, object-oriented, and high-level
programming language. An interpreted language, Python has a design philosophy that
emphasizes code readability (notably using whitespace indentation to delimit code
blocks rather than curly brackets or keywords), and a syntax that allows programmers
to express concepts in fewer lines of code than might be used in languages such
as C++or Java. It provides constructs that enable clear programming on both small and
large scales. Python interpreters are available for many operating systems. CPython,
the reference implementation of Python, is open source software and has a community-
based development model, as do nearly all of its variant implementations. CPython is
managed by the non-profit Python Software Foundation. Python features a dynamic
type system and automatic memory management. It supports multiple programming
paradigms, including object-oriented, imperative, functional and procedural, and has a
large and comprehensive standard library
Python is Interpreted:
Many languages are compiled, meaning the source code you create needs to be
translated into machine code, the language of your computer’s processor, before it can
be run. Programs written in an interpreted language are passed straight to an interpreter
that runs them directly. This makes for a quicker development cycle because you just
type in your code and run it, without the intermediate compilation step. One potential
downside to interpreted languages is execution speed. Programs that are compiled into
the native language of the computer processor tend to run more quickly than
interpreted programs.
For some applications that are particularly computationally intensive, like graphics
processing or intense number crunching, this can be limiting. In practice, however, for
most programs, the difference in execution speed is measured in milliseconds, or
seconds at most, and not appreciably noticeable to a human user.
6
Python is Portable :
Because Python code is interpreted and not compiled into native machine instructions,
code written for one platform will work on any other platform that has the Python
interpreter installed. (This is true of any interpreted language, not just Python).

DJANGO
Django is a high-level Python Web framework that encourages rapid
development and clean, pragmatic design. Built by experienced developers, it takes
care of much of the hassle of Web development, so you can focus on writing your app
without needing to reinvent the wheel. It’s free and open source.
Django's primary goal is to ease the creation of complex, database-driven websites.
Django emphasizes reusabilityand "pluggability" of components, rapid development,
and the principle of don't repeat yourself. Python is used throughout, even for settings
files and data models.

7
Django also provides an optional administrative create, read, update and
delete interface that is generated dynamically through introspection and configured via
admin models

Python is a programming language, which means it’a a language both people and
computers can understand. Python was developed by a Dutch software engineer
named Guido van Rossum, who created the language to solve some problems he saw in
computer languages of the time.

Python is an interpreted high-level programming language for general-purpose

programming. Created by Guido van Rossum and first released in 1991, Python has a
design philosophy that emphasizes code readability, and a syntax that allows
programmers to express concepts in fewer lines of code, notably using significant
whitespace. It provides constructs that enable clear programming on both small and
large scales.
Python features a dynamic type system and automatic memory management. It
supports multiple programming paradigms, including object-oriented, imperative,
functional and procedural, and has a large and comprehensive standard library.
Python interpreters are available for many operating systems. C Python, the reference
implementation of Python, is open source software and has a community-based

8
development model, as do nearly all of its variant implementations. C Python is
managed by the non-profit Python Software Foundation.

You Can Use Python for Pretty Much Anything

One significant advantage of learning Python is that it’s a general-purpose language
that can be applied in a large variety of projects. Below are just some of the most
common fields where Python has found its use:
 Data science

 Scientific and mathematical computing

 Web development

 Computer graphics

 Basic game development

 Mapping and geography (GIS software)

9
 ORGANISATION INFORMATION

Address: 3rd floor, Road no:3, beside Sree Vasavi Silks, Kukatpally Housing board
Colony , JNTU kukatpally , Hyderabad - 500085
Email: [email protected]

V Cube is Best Software Training Institute In Hyderabad | KPHB that

offers comprehensive training on a wide range of software technologies,
delivered by real-time & full-time industry experts. We also provide lab
sessions after every class to give you hands-on experience.
To solidify your learning, you will be required to work on a mandatory
project in a field or domain of your choice, replicating real-time use cases.
In addition to comprehensive training, V Cube also provides a range of
career support services to help you land your dream job. This includes
profile / resume building, weekly examinations, mock interviews,
continuous LinkedIn profile building activities, agile methodology
practices, online aptitude classes, and job assistance.
PROGRAMS AND OPPORTUNITIES:
1. Machine Learning With Python
2. Full Stack Web development
3. Data Science
4. Cyber Security
5. Artificial Intelligence
10
 WEEKLY REPORT
WEEK-I (11/10/23) to (17/10/23):

o Python Fundamentals.
o Data types, list, dictionary, array, string operations.

WEEK-II (18/10/23) to (25/10/23):

o Condition and loops.

o Inbuilt and user defined functions IO, Numpy, Error Handling.

WEEK-III (26/10/23) to (03/11/23):

o Pandas and Visualisation.

o Introduction to probability & distribution central limit theorem, hypothesis
testing.

WEEK-IV (04/11/23) to (09/11/23):

o What is Machine Learning, Difference between a rule based algorithm and a

machine learning algorithm.
o Supervised vs Unsupervised learning. Classification vs Regression.

WEEK-V (10/11/23) to (16/11/23):

o Training, Testing and Cross Validation Data Features and labels pickling and
scaling and Techniques, Error Metrics.
o Linear Regression, Forecasting and prediction using regression, logistic
regression, knn classification.

WEEK-VI (17/11/23) to (24/11/23):

o Support vector machines, k-means clustering random forestlinear + minor project

discussion.

WEEK-VII (25/11/23) to (02/12/23):

o Introduction to Django ,Data collection and storage , Data Processing .

Intergrated with Frontend

11
WEEK-VIII (03/11/23) to (10/12/23):

o Implemetation of all the algorithms using sklearn and explanation on major

project

12
 CODING

from django.db.models import Count

from django.shortcuts import render, redirect

# Create your views here.

from Cyber_Users.models import UserAdd_Model

def admin_login(request):
if request.method =="POST":
name = request.POST.get('name')
password = request.POST.get('password')
if name=='admin' and password == 'admin':
return redirect('user_details')
return render(request, 'admins/admin_login.html')

def achart_page(request,chart_type):
chart =
UserAdd_Model.objects.values('year').annotate(dcount=Count('organizationtype'))
return
render(request,'admins/achart_page.html',{'chart_type':chart_type,'objects':chart})

def admin_analysis(request):
chart =
UserAdd_Model.objects.values('attackresult','method').annotate(dcount=Count('attackr
esult'))
return render(request,'admins/admin_analysis.html',{'objects':chart})

def user_details(request):
obj = UserAdd_Model.objects.all()
return render(request,'admins/user_details.html',{'object':obj})

import re

from django.contrib import messages

from django.contrib.auth import authenticate
from django.db.models import Q, Count
from django.shortcuts import render, redirect

13
# Create your views here.
from Cyber_Users.forms import UserRegister_Form
from Cyber_Users.models import UserRegister_Model, UserAdd_Model

def user_login(request):
if request.method == "POST":
name = request.POST.get('name')
password = request.POST.get('password')
try:

check = UserRegister_Model.objects.get(name=name,password=password)
request.session['userid'] = check.id
return redirect('user_adddata')
except:
pass
user = authenticate(name=name,password=password)
if user is not None:
if user.is_active:

return redirect('user_adddata')
else:
messages.error(request, 'username or password are not match')

return redirect('user_login')

return render(request, 'users/user_login.html')

def user_register(request):
if request.method == "POST":
forms = UserRegister_Form(request.POST)
if forms.is_valid():
forms.save()
messages.success(request, 'You have been successfully registered')
return redirect('user_login')
else:
forms = UserRegister_Form()

return render(request,'users/user_register.html',{'form':forms})

def user_adddata(request):

14
 userid = request.session["userid"]
obj = UserRegister_Model.objects.get(id=userid)
attack1 = []
attack2, attack3, attack4, attack5, attack6, attack7, attack8, attack9 = [], [], [], [], [],
[], [], []

splt = ''
Entity = ''
Year = 0
Records = ''
Organizationtype = ''
Method = ''
txt =''
Adddata = ''
ans = ''
Time = ''
if request.method == "POST":
Entity = request.POST.get("entity")
Year = request.POST.get("year")
Records = request.POST.get("records")
Organizationtype = request.POST.get("organizationtype")
Method = request.POST.get("method")
txt = request.POST.get("name")
Time = request.POST.get("time")

splt = (re.findall(r"[\w']+", str(txt)))

for f in splt:
if f in ('IPid', 'FDDI', 'x25', 'rangingdistance'):
attack1.append(f)
elif f in ('tcpchecksum', 'mtcp', 'controlflags', 'tcpoffset', 'tcpport'):
attack2.append(f)
elif f in ('ICMPID', 'udptraffic', 'udpunicorn', 'datagramid', 'NTP', 'RIP', 'TFTP'):
attack3.append(f)
elif f in ('GETID', 'POSTID', 'openBSD', 'appid', 'sessionid', 'transid', 'physicalid'):
attack4.append(f)
elif f in ('SYN', 'ACK', 'synpacket', 'sycookies'):
attack5.append(f)
elif f in ('serverattack', 'serverid', 'blockbankwidth'):
attack6.append(f)
elif f in ('monlist', 'getmonlist', 'NTPserver'):

15
 attack7.append(f)
elif f in ('portid', 'FTPID', 'tryion', 'fragflag'):
attack8.append(f)
elif f in ('malwareid', 'gethttpid', 'httpid'):
attack9.append(f)

if len(attack1) > len(attack2) and len(attack1) > len(attack3) and len(attack1) >
len(attack4) and len(
attack1) > len(attack5) and len(attack1) > len(attack6) and len(attack1) >
len(attack7) and len(
attack1) > len(attack8) and len(attack1) > len(attack9):
ans = "Man-in-the-middle Attack"
elif len(attack2) > len(attack1) and len(attack2) > len(attack3) and len(attack2) >
len(attack4) and len(
attack2) > len(attack5) and len(attack2) > len(attack6) and len(attack2) >
len(attack7) and len(
attack2) > len(attack8) and len(attack2) > len(attack9):
ans = "Phishing and spear phishing attacks"
elif len(attack3) > len(attack2) and len(attack3) > len(attack1) and len(attack3) >
len(attack4) and len(
attack1) > len(attack5) and len(attack1) > len(attack6) and len(attack1) >
len(attack7) and len(
attack1) > len(attack8) and len(attack1) > len(attack9):
ans = "Drive-by attack"
elif len(attack4) > len(attack2) and len(attack4) > len(attack3) and len(attack4) >
len(attack1) and len(
attack4) > len(attack5) and len(attack4) > len(attack6) and len(attack4) >
len(attack7) and len(
attack4) > len(attack8) and len(attack4) > len(attack9):
ans = "Password attack"
elif len(attack5) > len(attack2) and len(attack5) > len(attack3) and len(attack5) >
len(attack4) and len(
attack5) > len(attack1) and len(attack5) > len(attack6) and len(attack5) >
len(attack7) and len(
attack5) > len(attack8) and len(attack5) > len(attack9):
ans = "SQL injection attack"
elif len(attack6) > len(attack2) and len(attack6) > len(attack3) and len(attack6) >
len(attack4) and len(
attack6) > len(attack5) and len(attack6) > len(attack1) and len(attack6) >
len(attack7) and len(
attack6) > len(attack8) and len(attack6) > len(attack9):
ans = "Cross-site scripting (XSS) attack"
elif len(attack7) > len(attack2) and len(attack7) > len(attack3) and len(attack7) >
len(attack4) and len(

16
 attack7) > len(attack5) and len(attack7) > len(attack6) and len(attack7) >
len(attack1) and len(
attack7) > len(attack8) and len(attack7) > len(attack9):
ans = "Eavesdropping attack"
elif len(attack8) > len(attack2) and len(attack8) > len(attack3) and len(attack8) >
len(attack4) and len(
attack8) > len(attack5) and len(attack8) > len(attack6) and len(attack8) >
len(attack7) and len(
attack8) > len(attack1) and len(attack8) > len(attack9):
ans = "Birthday attack"
elif len(attack9) > len(attack2) and len(attack9) > len(attack3) and len(attack9) >
len(attack4) and len(
attack9) > len(attack5) and len(attack9) > len(attack6) and len(attack9) >
len(attack7) and len(
attack9) > len(attack8) and len(attack9) > len(attack1):
ans = "Teardrop attack"

else:
ans = "Unmalware"

UserAdd_Model.objects.create(uregid=obj,entity=Entity,year=Year,records=Records,o
rganizationtype=Organizationtype,method=Method,adddata=txt,attackresult=ans,time=
Time)

return render(request,'users/user_adddata.html')

def user_page(request):
obj = UserAdd_Model.objects.all()
return render(request,'users/user_page.html',{'object':obj})

def malware(request):
obj = UserAdd_Model.objects.filter(Q(attackresult='Man-in-the-middle (MitM)
attack') | Q(attackresult='Phishing and spear phishing attacks') | Q(
attackresult='Drive-by attack') | Q(attackresult='Password attack') | Q(
attackresult='SQL injection attack') | Q(attackresult='Cross-site scripting (XSS)
attack') | Q(attackresult='Eavesdropping attack') | Q(
attackresult='Birthday attack') | Q(attackresult='Teardrop attack'))
return render(request,'users/malware.html',{'object':obj})

def unmalware(request):
obj = UserAdd_Model.objects.filter(attackresult='Unmalware')
return render(request,'users/unmalware.html',{'object':obj})

17
def breaches_analysis(request):
chart =
UserAdd_Model.objects.values('attackresult','method').annotate(dcount=Count('attackr
esult'))
return render(request,'users/breaches_analysis.html',{'objects':chart})

def chart_page(request,chart_type):
chart =
UserAdd_Model.objects.values('year').annotate(dcount=Count('organizationtype'))
return render(request,'users/chart_page.html',{'chart_type':chart_type,'objects':chart})

18
 SCREENSHOTS

Home page :

User register:

19
Admin login:

20
User login:

21
Add data:

22
23
24
25
26
 CONCLUSION

We analyzed a hacking breach data set from the points of view of the incidents
inter-arrival time and the breach size, and showed that they both should be modeled by
stochastic processes rather than distributions. The statistical models developed in this
paper show satisfactory fitting and prediction accuracies. In particular, we propose
using a copula-based approach to predict the joint probability that an incident with a
certain magnitude of breach size will occur during a future period of time. Statistical
tests show that the methodologies proposed in this paper are better than those which
are presented in the literature, because the latter ignored both the temporal correlations
and the dependence between the incidents inter-arrival times and the breach sizes. We
conducted qualitative and quantitative analyses to draw further insights. We drew a set
of cybersecurity insights, including that the threat of cyber hacking breach incidents is
indeed getting worse in terms of their frequency, but not the magnitude of their damage.
The methodology presented in this paper can be adopted or adapted to analyze datasets
of a similar nature.

27
 BIBLIOGRAPHY

1. M. Golling and B. Stelte, “Requirements for a future ews-cyber defence in the

internet of the future,” in Cyber conflict (ICCC), 2011 3rd international conference on.
IEEE, 2011, pp. 1–16.
2. BSIMM, “Attack models with bsimm frameworks,” Online, vol.
https://www.bsimm.com/framework/intelligence/attack-models/, 2016.
3. B. of England, “Cbest intelligence-led testing- an introduction to cyber threat
modelling,” ank of England Publication, vol.
http://www.bankofengland.co.uk/anintroductiontocbest.pdf, 2016.
4. X. Lin, P. Zavarsky, R. Ruhl, and D. Lindskog, “Threat modeling for csrf attacks,”
2013 IEEE 16th International Conference on Computational Science and Engineering,
vol. 3, pp. 486–491, 2009.
5. C. Phillips and L. P. Swiler, “A graph-based system for network-vulnerability
analysis,” in Proceedings of the 1998 Workshop on New Security Paradigms, ser.
NSPW ’98. New York, NY, USA: ACM, 1998, pp. 71–79. [Online]. Available:
http://doi.acm.org/10.1145/310889.310919
6. B. Schneier, “Attack trees,” Dr. Dobbs journal, vol. 24, no. 12, pp. 21– 29, 1999.
7. M. Mulazzani, S. Schrittwieser, M. Leithner, M. Huber, and E. R. Weippl, “Dark
clouds on the horizon: Using cloud storage as attack vector and online slack space.” in
USENIX Security Symposium. San Francisco, CA, USA, 2011, pp. 65–76.
8. P. K. Manadhata and J. M. Wing, “An attack surface metric,” Software Engineering,
IEEE Transactions on, vol. 37, no. 3, pp. 371–386, 2011.
9. S.Caltagirone, A.Pendergast, and C.Betz, “The diamond model of intrusion
analysis,” DTIC Document, Tech. Rep., 2013.
10. U. S. J. C. of Staff, Joint Tactics, Techniques, and Procedures for Joint Intelligence
Preparation of the Battle space. Joint Chiefs of Staff, 2000.
11. E. M.Hutchins, M.J.Cloppert, and R.M.Amin, “Intelligence-driven computer
network defense informed by analysis of adversary campaigns and intrusion kill

28
chains,” Leading Issues in Information Warfare & Security Research, vol. 1, p. 80,
2011.
12. W.L.Sharp, “Joint publication 3-60:Joint targeting,” Washington DC: Joint Chiefs
of Staff, 2007.
13. T.Sakuraba,S.Domyo , B.-H.Chou and K.Saku, “Exploring security
countermeasures along the attack sequence,” in Information Security and Assurance,
2008. ISA 2008. International Conference on. IEEE, 2008, pp. 427–432.
14. N. Ghosh and S. K. Ghosh, “A planner-based approach to generate and analyze
minimal attack graph,” Applied Intelligence, vol. 36, no. 2, pp. 369–390, 2012.
15. V. Shandilya, C. B. Simmons, and S. Shiva, “Use of attack graphs in security
systems,” Journal of Computer Networks and Communications, vol. 2014, 2014

29