Data breach is a major cybersecurity problem that has caused huge financial losses and compromised many individuals' privacy (e.g., social security numbers). This calls for deeper understanding about the data breach risk. Despite the substantial amount of attention that has been directed toward the issue, many fundamental problems are yet to be investigated. In this article, we initiate the study of modeling and predicting risk in enterprise-level data breaches. This problem is challenging because of the sparsity of breaches experienced by individual enterprises over time, which immediately disqualifies standard statistical models because there are not enough data to train such models. As a first step towards tackling the problem, we propose an innovative statistical framework to leverage the dependence between multiple time series. In order to validate the framework, we apply it to a dataset of enterprise-level breach incidents. Experimental results show its effectiveness in modeling and predicting enterprise-level breach incidents.

中文翻译：

---

预测数据泄露风险的框架：利用依赖来应对稀疏性


数据泄露是一个重大的网络安全问题，它造成了巨大的经济损失并损害了许多个人的隐私（例如社会安全号码）。这需要更深入地了解数据泄露风险。尽管人们对这个问题给予了大量关注，但许多基本问题仍有待调查。在本文中，我们启动了企业级数据泄露风险建模和预测的研究。这个问题具有挑战性，因为随着时间的推移，个别企业所经历的违规行为很少，这会立即使标准统计模型失去资格，因为没有足够的数据来训练此类模型。作为解决该问题的第一步，我们提出了一个创新的统计框架来利用多个时间序列之间的依赖性。为了验证该框架，我们将其应用于企业级违规事件的数据集。实验结果表明其在建模和预测企业级违规事件方面的有效性。