Abstract

Cyber risks are the most common risks encountered by a modern networked system. Among various characteristics, propagation should be one of the most important characteristics of cyber risks. On the assumption of risk propagation, the assessment of cyber risks, namely, the size of compromised nodes after certain types of incidents, has been studied for a long time in the literature. However, most of them only focus on the limiting behavior or approximation of size of compromised nodes of large-scale networks and ignore some important elements of risk management such as the heterogeneity, dependence and so on, which may cause a limited application. In this talk, we focus on the accurate distribution and dependence of sizes of compromised nodes in an arbitrary network based on the proposed $L$-hop propagation model: (1) we provide an exact algorithm for the multivariate distribution of sizes of compromised nodes with different types as well as explicit formulas; (2) we discuss the dependence of the sizes of compromised nodes with different types and we prove that it always possesses the positive association dependence among the sizes; (3) we provide some useful bounds for mean, variance and covariance of the sizes which may be used to roughly evaluate the cyber risks for a large network. Some results and useful insights for certain specific network topologies.