Authors: Kallol K. Bagchi, Adriano O. Solis, Godwin J. Udo
Addresses: Department of Information and Decision Sciences, The University of Texas at El Paso, El Paso, TX 79968–0544, USA. ' Department of Information and Decision Sciences, The University of Texas at El Paso, El Paso, TX 79968–0544, USA. ' Department of Information and Decision Sciences, The University of Texas at El Paso, El Paso, TX 79968–0544, USA
Abstract: Diffusion literature to date has not dealt with bad innovations. This article discusses the nature of global temporal diffusion of internet attack incidents – a bad form of innovation. A number of models are investigated to see which one can best fit the Computer Emergency Response Team Coordination Centre (CERT/CC) incident data (1988–2001) and explain the rationale behind such attacks. A push-pull model fits the data reasonably well and has better explanatory power than the traditional logistic and exponential models. The parameters of the model can provide measures of both attack imitation and deterrence. The model was subsequently validated with another set of incident data from Federal Computer Incident Response Centre (FedCIRC) and its predictive power was also verified to be reasonable. The implication of this study is that security measures are inadequate as compared to the volume of attack incidents and that serious attention needs to be paid to increase security measures of US firms.
Keywords: network security; internet attacks; diffusion models; validation; bad innovation; deterrence; imitation; global diffusion; cyber security.
International Journal of Internet and Enterprise Management, 2005 Vol.3 No.4, pp.323 - 344
Published online: 21 Jan 2006 *Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article