Transcript Power Laws for Cyber Crime

Power Laws for Cyber Crime
Richard Overill & Jantje Silomon
Department of Informatics
King’s College London
Power Laws
• Characterise a multitude of processes which
produce a large number of small events but a
small number of large events:
• p(x) = C x -α
• log p(x) = log C - α log x
• A log-log plot is a straight line with gradient -α
• the exponent α characterises the power law in a
phenomenological sense.
Previous Work
• L F Richardson (1948/60)
– “fatal quarrels”
• L-E Cederman (2003)
– wars
• A Clauset et al. (2005/7)
– terrorism in G7: α = 1.7
• N F Johnson et al. (2005/6)
– old wars, new wars
• R Coelho et al. (2008)
– low-medium UK incomes: α = 3.1 - 3.3
Cyber Crime Dataset
• 11 years (1997 - 2007) of US CSI (Computer
Security Institute) annual average financial
loss data over 12 e-crime categories.
• Corrected for US$ inflation.
• Cleaned to remove internal inconsistencies.
• Kolmogorov-Smirnov test for divergence as
x  0.
• 99 data points representing 6737 incidents.
• Minus-one jack-knife re-sampling provides
uncertainty bounds on α.
Double Power Law for Cyber Crimes
Results & Conclusions
• A double power regime appears to be in
operation:
• αL = 1.7 ± 0.1; r2L = 0.994 (over 92 points)
• αR = 3.1 ± 0.3; r2R = 0.900 (over 7 points)
• xX = $2.858M ± 0.350
• exponent of ~1.7 shared with incidence of
terrorism in G7 nations.
• exponent of ~3.1 shared with distribution of
low-medium UK incomes.
Conjectures
• Heists below ~$2.85M are characterised by a
pre-planned, opportunistic, ‘ambush’ strategy.
• Heists above ~$2.85M (financial fraud and IP
theft) are characterised by an economic
infrastructure (Serious Organised Cybercrime)
• R Overill & J Silomon, Single and Double
Power Laws for Cyber Crimes, J Information
Warfare 10 (3) 29 – 36 (December 2011).