(Institut Teknologi Bandung, Indonesia)(2) Yeftanus Antonio
(Institut Teknologi Bandung, Indonesia)(3) Suhadi Wido Saputro
(Institut Teknologi Bandung, Indonesia)*corresponding author
AbstractThis study compares cyber insurance premiums with and without a communication network effect frequency. As a cybersecurity factor, the frequency in a communication network influences the speed of cyberattack transmission. It means that a network or a high activity node is more vulnerable than a network with low activity. Traditionally, cyber insurance pricing considers historical data to set premiums or rates. Conversely, the network security level can evaluate using the Monte Carlo simulation based on the epidemic model. This simulation requires spreading parameters, such as infection rate, recovery rate, and self-infection rate. Our idea is to modify the infection rate as a function of the frequency in a communication network. The node-based model uses probability distributions for the communication mechanism to generate the data. It adopts the co-purchase network formation in market basket analysis for building weighted edges and nodes. Simulations are used to compare the initial and modified infection rates. This paper considered prism and Petersen graph topology as case studies. The relative difference is a metric to compare the significance of premium adjustment. The results show that the premium for a node with a low level in a communication network can reach 28.28% lower than the initial premium. The premium can reach 20.99% lower than the initial network premium for a network. Based on these results, insurance companies can adjust cyber insurance premiums based on computer usage to offer a more appropriate price.
KeywordsCommunication network; Cyber insurance; Frequency; Node-based model; Premium adjustment
|
DOIhttps://doi.org/10.26555/ijain.v7i3.698 |
Article metricsAbstract views : 837 | PDF views : 269 |
Cite |
Full Text Download
|
References
[1] M. F. Carfora, F. Martinelli, F. Mercaldo, A. Orlando, and A. Yautsiukhin, “Cyber Risk Management: A New Challenge for Actuarial Mathematics,” 2018, doi: 10.1007/978-3-319-89824-7_36.
[2] S. Rass, S. Schauer, S. König, and Q. Zhu, “Insurance,” 2020, pp. 137–158, doi: 10.1007/978-3-030-46908-5_7.
[3] M. F. Carfora, F. Martinelli, F. Mercaldo, and A. Orlando, “Cyber risk management: An actuarial point of view,” J. Oper. Risk, 2019, doi: 10.21314/JOP.2019.231.
[4] P. Dreyer et al., Estimating the Global Cost of Cyber Risk: Methodology and Examples, 2018, doi: 10.7249/rr2299.
[5] S. Morgan, “2019 Official Annual Cybercrime Report,” 2019 Rep. by Cybersecurity Ventur. Spons. by Herjavec Gr., 2019. Available at: Google Scholar.
[6] S. Dambra, L. Bilge, and D. Balzarotti, “SoK: Cyber Insurance – Technical Challenges and a System Security Roadmap,” 2020, doi: 10.1109/sp40000.2020.00019.
[7] A. Marotta, F. Martinelli, S. Nanni, A. Orlando, and A. Yautsiukhin, “Cyber-insurance survey,” 2017, doi: 10.1016/j.cosrev.2017.01.001.
[8] M. Eling and N. Loperfido, “Data breaches: Goodness of fit, pricing, and risk measurement,” Insur. Math. Econ., 2017, doi: 10.1016/j.insmatheco.2017.05.008.
[9] S. Romanosky, L. Ablon, A. Kuehn, and T. Jones, “Content analysis of cyber insurance policies: How do carriers price cyber risk?,” J. Cybersecurity, 2019, doi: 10.1093/cybsec/tyz002.
[10] M. Xu and L. Hua, “Cybersecurity Insurance: Modeling and Pricing,” North Am. Actuar. J., vol. 23, no. 2, pp. 220–249, Apr. 2019, doi: 10.1080/10920277.2019.1566076.
[11] M. A. Fahrenwaldt, S. Weber, and K. Weske, “Pricing of cyber insurance contracts in a network model,” ASTIN Bull., 2018, doi: 10.1017/asb.2018.23.
[12] S. W. Indratno and Y. Antonio, “A Gillespie Algorithm and Upper Bound of Infection Mean on Finite Network,” in Communications in Computer and Information Science, 2019, doi: 10.1007/978-981-15-0399-3_29.
[13] Y. Antonio and S. W. Indratno, “Cyber Insurance Rate Making Based on Markov Model for Regular Networks Topology,” J. Phys. Conf. Ser., vol. 1752, no. 1, p. 012002, Feb. 2021, doi: 10.1088/1742-6596/1752/1/012002.
[14] Y. Antonio, S. W. Indratno, and S. W. Saputro, “Pricing of cyber insurance premiums using a Markov-based dynamic model with clustering structure,” PLoS One, vol. 16, no. 10, p. e0258867, Oct. 2021, doi: 10.1371/journal.pone.0258867.
[15] L. Wang and R. Jones, “Big Data Analytics in Cyber Security: Network Traffic and Attacks,” J. Comput. Inf. Syst., pp. 1–8, Jan. 2020, doi: 10.1080/08874417.2019.1688731.
[16] Q. A. A. Ruhimat, G. W. Fajariyanto, D. M. Firmansyah, and Slamin, “Optimal computer network based on graph topology model,” J. Phys. Conf. Ser., vol. 1211, p. 012007, Apr. 2019, doi: 10.1088/1742-6596/1211/1/012007.
[17] T. Raeder and N. V. Chawla, “Market basket analysis with networks,” Soc. Netw. Anal. Min., vol. 1, no. 2, pp. 97–113, Apr. 2011, doi: 10.1007/s13278-010-0003-7.
[18] N. Adhikari, A. Singh, and N. K. Swain, “Reliable, Effective and Fault-Tolerant Design of Leafy Cube Interconnection Network Topology,” Int. J. Innov. Technol. Explor. Eng., vol. 8, no. 12, pp. 3163–3170, Oct. 2019, doi: 10.35940/ijitee.L2707.1081219.
[19] A. H. Mousa, N. T. Mohammed, and E. A. Mohammed, “EFCNT: An evaluation framework for computer’s network topologies,” 2019, p. 050010, doi: 10.1063/1.5123126.
[20] B. Elshqeirat, S. Soh, S. Rai, and S. Manaseer, “On Maximizing Reliability of Network Topology Design Using a Practical Dynamic Programming Approach,” Mod. Appl. Sci., vol. 12, no. 12, p. 163, Nov. 2018, doi: 10.5539/mas.v12n12p163.
[21] A. B. Khedkar and V. L. Patil, “Computer Network Optimization Using Topology Modification,” 2015, pp. 117–127, doi: 10.1007/978-3-319-11227-5_11.
[22] J. M. Kizza, Guide to Computer Network Security, 2017, doi: 10.1007/978-3-319-55606-2.
[23] Q. A. A. Ruhimat, G. W. Fajariyanto, D. M. Firmansyah, and Slamin, “Optimal computer network based on graph topology model,” J. Phys. Conf. Ser., vol. 1211, no. 1, p. 012007, Apr. 2019, doi: 10.1088/1742-6596/1211/1/012007.
[24] G. A. Schwartz and S. S. Sastry, “Cyber-insurance framework for large scale interdependent networks,” in HiCoNS 2014 - Proceedings of the 3rd International Conference on High Confidence Networked Systems (Part of CPS Week), 2014, doi: 10.1145/2566468.2566481.
[25] I. F. Videla-Cavieres and S. A. Ríos, “Extending market basket analysis with graph mining techniques: A real case,” Expert Syst. Appl., vol. 41, no. 4, pp. 1928–1936, Mar. 2014, doi: 10.1016/j.eswa.2013.08.088.
[26] B. Nguyen, “Modelling Cyber Vulnerability using Epidemic Models,” in Proceedings of the 7th International Conference on Simulation and Modeling Methodologies, Technologies and Applications, 2017, pp. 232–239, doi: 10.5220/0006401902320239.
[27] S. W. Indratno and Y. Antonio, A Gillespie Algorithm and Upper Bound of Infection Mean on Finite Network, 2019, vol. 1100, doi: 10.1007/978-981-15-0399-3_29.
[28] M. Xu and L. Hua, “Cybersecurity Insurance: Modeling and Pricing,” North Am. Actuar. J., 2019, doi: 10.1080/10920277.2019.1566076.
[29] P. Van Mieghem and E. Cator, “Epidemics in networks with nodal self-infection and the epidemic threshold,” Phys. Rev. E, vol. 86, no. 1, p. 016116, Jul. 2012, doi: 10.1103/PhysRevE.86.016116.
[30] P. Van Mieghem and J. Omic, “In-homogeneous Virus Spread in Networks,” Jun. 2013. Available at: Google Scholar.
[31] F. Harary, Graph theory, 2018, doi: 10.1201/9780429493768.
[32] J. O. Bennett and W. L. Briggs, Using & Understanding Mathematics: A Quantitative Reasoning Approach, 7th Editio. Pearson, 2018. Available at: Google Scholar.
[33] S. A. Klugman, H. H. Panjer, and G. E. Willmot, Loss Models?: From Data to Decisions, 5th edition. John Wiley and Sons, Inc., 2019. Available at: Google Books.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
___________________________________________________________
International Journal of Advances in Intelligent Informatics
ISSN 2442-6571 (print) | 2548-3161 (online)
Organized by UAD and ASCEE Computer Society
Published by Universitas Ahmad Dahlan
W: http://ijain.org
E: info@ijain.org (paper handling issues)
andri.pranolo.id@ieee.org (publication issues)
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0