{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T17:59:34Z","timestamp":1771955974673,"version":"3.50.1"},"reference-count":26,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2022,1,4]],"date-time":"2022-01-04T00:00:00Z","timestamp":1641254400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,1,4]],"date-time":"2022-01-04T00:00:00Z","timestamp":1641254400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100000865","name":"Bill and Melinda Gates Foundation","doi-asserted-by":"publisher","award":["INV-001309"],"award-info":[{"award-number":["INV-001309"]}],"id":[{"id":"10.13039\/100000865","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Data Min Knowl Disc"],"published-print":{"date-parts":[[2022,3]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The increasing value of data held in enterprises makes it an attractive target to attackers. The increasing likelihood and impact of a cyber attack have highlighted the importance of effective cyber risk estimation. We propose two methods for modelling Value-at-Risk (VaR) which can be used for any time-series data. The first approach is based on Quantile Autoregression (QAR), which can estimate VaR for different quantiles, i.\u00a0e.\u00a0confidence levels. The second method, we term Competitive Quantile Autoregression (CQAR), dynamically re-estimates cyber risk as soon as new data becomes available. This method provides a theoretical guarantee that it asymptotically performs as well as any QAR at any time point in the future. We show that these methods can predict the size and inter-arrival time of cyber hacking breaches by running coverage tests. The proposed approaches allow to model a separate stochastic process for each significance level and therefore provide more flexibility compared to previously proposed techniques. We provide a fully reproducible code used for conducting the experiments.<\/jats:p>","DOI":"10.1007\/s10618-021-00814-z","type":"journal-article","created":{"date-parts":[[2022,1,4]],"date-time":"2022-01-04T07:03:04Z","timestamp":1641279784000},"page":"513-536","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Dynamic cyber risk estimation with competitive quantile autoregression"],"prefix":"10.1007","volume":"36","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5850-5683","authenticated-orcid":false,"given":"Raisa","family":"Dzhamtyrova","sequence":"first","affiliation":[]},{"given":"Carsten","family":"Maple","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,1,4]]},"reference":[{"key":"814_CR1","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1020281327116","volume":"50","author":"C Andrieu","year":"2003","unstructured":"Andrieu C, de Freitas N, Doucet A, Jordan MI (2003) An introduction to MCMC for machine learning. Mach Learn J 50:5\u201343","journal-title":"Mach Learn J"},{"key":"814_CR2","doi-asserted-by":"publisher","unstructured":"Arnes A, Sallhammar K, Haslum K, Brekne T, Moe MEG, Knapskog SJ (2005) Real-time risk assessment with network sensors and intrusion detection systems. In: Computational intelligence and security, pp 388\u2013397. https:\/\/doi.org\/10.1007\/11596981_57","DOI":"10.1007\/11596981_57"},{"issue":"4","key":"814_CR3","doi-asserted-by":"publisher","first-page":"841","DOI":"10.2307\/2527341","volume":"39","author":"P Christoffersen","year":"1998","unstructured":"Christoffersen P (1998) Evaluating interval forecasts. Int Econom Rev 39(4):841","journal-title":"Int Econom Rev"},{"key":"814_CR4","doi-asserted-by":"crossref","unstructured":"Dzhamtyrova R, Kalnishkan Y (2020) Competitive online quantile regression. In: International conference on information processing and management of uncertainty in knowledge-based systems, pp 499\u2013512","DOI":"10.1007\/978-3-030-50146-4_37"},{"issue":"1","key":"814_CR5","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1093\/cybsec\/tyw003","volume":"2","author":"B Edwards","year":"2016","unstructured":"Edwards B, Hofmeyr S, Forrest S (2016) Hype and heavy tails: a closer look at data breaches. J Cybersecur 2(1):3\u201314","journal-title":"J Cybersecur"},{"issue":"7","key":"814_CR6","doi-asserted-by":"publisher","first-page":"873","DOI":"10.1002\/jae.800","volume":"20","author":"PR Hansen","year":"2005","unstructured":"Hansen PR, Lunde A (2005) A forecast comparison of volatility models: does anything beat a garch(1, 1)? J Appl Economet 20(7):873\u2013889","journal-title":"J Appl Economet"},{"issue":"6","key":"814_CR7","doi-asserted-by":"publisher","first-page":"19","DOI":"10.2469\/faj.v60.n6.2669","volume":"60","author":"GA Holton","year":"2004","unstructured":"Holton GA (2004) Defining risk. Financ Anal J 60(6):19\u201325. https:\/\/doi.org\/10.2469\/faj.v60.n6.2669","journal-title":"Financ Anal J"},{"key":"814_CR8","doi-asserted-by":"publisher","DOI":"10.1002\/9781119162315","volume-title":"How to measure everything in cybersecurity risk","author":"DW Hubbard","year":"2016","unstructured":"Hubbard DW, Seiersen R (2016) How to measure everything in cybersecurity risk. Wiley, New York"},{"key":"814_CR9","volume-title":"Options, futures, and other derivatives","author":"JC Hull","year":"2006","unstructured":"Hull JC (2006) Options, futures, and other derivatives, 6th edn. Prentice Hall, New Jersey","edition":"6th"},{"key":"814_CR10","unstructured":"Hyndman RJ, Athanasopoulos G (2018) Forecasting: principles and practice"},{"key":"814_CR11","unstructured":"Jones N, Tivnan B (2018) Cyber risk metrics survey, assessment, and implementation plan. Case number 18-1246, The Homeland security systems engineering and development institute"},{"key":"814_CR12","doi-asserted-by":"publisher","first-page":"1228","DOI":"10.1016\/j.jcss.2007.08.003","volume":"74","author":"Y Kalnishkan","year":"2008","unstructured":"Kalnishkan Y, Vyugin M (2008) The weak aggregating algorithm and weak mixability. J Comput Syst Sci 74:1228\u20131244","journal-title":"J Comput Syst Sci"},{"key":"814_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1111\/j.1539-6924.1981.tb01350.x","volume":"1","author":"S Kaplan","year":"1981","unstructured":"Kaplan S, Garrick JB (1981) On the quantitative definition of risk. Risk Anal 1:1. https:\/\/doi.org\/10.1111\/j.1539-6924.1981.tb01350.x","journal-title":"Risk Anal"},{"key":"814_CR14","doi-asserted-by":"publisher","first-page":"33","DOI":"10.2307\/1913643","volume":"46","author":"R Koenker","year":"1978","unstructured":"Koenker R, Bassett G (1978) Regression quantiles. Econometrica 46:33\u201350","journal-title":"Econometrica"},{"key":"814_CR15","doi-asserted-by":"crossref","unstructured":"Koenker R, Xiao Z (2006) Quantile autoregression. J Am Stat Assoc","DOI":"10.1198\/016214506000000672"},{"issue":"2","key":"814_CR16","doi-asserted-by":"publisher","first-page":"73","DOI":"10.3905\/jod.1995.407942","volume":"3","author":"P Kupiec","year":"1995","unstructured":"Kupiec P (1995) Techniques for verifying the accuracy of risk measurement models. J Derivatives 3(2):73\u201384","journal-title":"J Derivatives"},{"key":"814_CR17","doi-asserted-by":"publisher","first-page":"516","DOI":"10.1016\/j.orl.2010.09.006","volume":"38","author":"T Levina","year":"2010","unstructured":"Levina T, Levin Y, McGill J, Nediak M, Vovk V (2010) Weak aggregating algorithm for the distribution-free perishable inventory problem. Oper Res Lett 38:516\u2013521","journal-title":"Oper Res Lett"},{"issue":"4","key":"814_CR18","doi-asserted-by":"publisher","first-page":"1133","DOI":"10.1109\/TCSS.2018.2858440","volume":"5","author":"S Li","year":"2018","unstructured":"Li S, Zhao S, Yuan Y, Sun Q, Zhang K (2018) Dynamic security risk evaluation via hybrid bayesian risk graph in cyber-physical social systems. IEEE Trans Comput Soc Syst 5(4):1133\u20131141. https:\/\/doi.org\/10.1109\/TCSS.2018.2858440","journal-title":"IEEE Trans Comput Soc Syst"},{"key":"814_CR19","doi-asserted-by":"publisher","DOI":"10.1080\/02664763.2016.1257590","author":"C Peng","year":"2016","unstructured":"Peng C, Xu M, Xu S, Hu T (2016) Modeling and predicting extreme cyber attack rates via marked point processes. J Appl Stat. https:\/\/doi.org\/10.1080\/02664763.2016.1257590","journal-title":"J Appl Stat"},{"key":"814_CR20","unstructured":"Raugas M, Ulrich J, Faux R, Finkelstein S, Cabot C (2013) Cyberv@r"},{"key":"814_CR21","doi-asserted-by":"publisher","DOI":"10.1214\/aos\/1176344136","author":"G Schwarz","year":"1978","unstructured":"Schwarz G (1978) Estimating the dimension of a model. Ann Stat. https:\/\/doi.org\/10.1214\/aos\/1176344136","journal-title":"Ann Stat"},{"key":"814_CR22","volume-title":"Time series analysis and its application with R examples","author":"RH Shumway","year":"2016","unstructured":"Shumway RH, Stoffer DS (2016) Time series analysis and its application with R examples, Fourth. Springer, New York","edition":"Fourth"},{"key":"814_CR23","doi-asserted-by":"crossref","unstructured":"Taubenberger S, J\u00fcrjens J, Yu Y, Nuseibeh B (2011) Problem analysis of traditional IT-security risk assessment methods. Int Inform Security Conf, 259\u2013270","DOI":"10.1007\/978-3-642-21424-0_21"},{"key":"814_CR24","doi-asserted-by":"crossref","unstructured":"Vovk V (1990) Aggregating strategies. In: Proceedings of the 3rd annual workshop on computational learning theory, pp 371\u2013383, San Mateo, CA. Morgan Kaufmann","DOI":"10.1016\/B978-1-55860-146-8.50032-1"},{"issue":"2","key":"814_CR25","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1111\/j.1751-5823.2001.tb00457.x","volume":"69","author":"V Vovk","year":"2001","unstructured":"Vovk V (2001) Competitive on-line statistics. Int Stat Rev 69(2):213\u2013248","journal-title":"Int Stat Rev"},{"key":"814_CR26","doi-asserted-by":"publisher","first-page":"2856","DOI":"10.1109\/TIFS.2018.2834227","volume":"13","author":"M Xu","year":"2018","unstructured":"Xu M, Schweitzer KM, Bateman RM, Xu S (2018) Modeling and predicting cyber hacking breaches. IEEE Trans Inf Forensics Secur 13:2856\u20132871","journal-title":"IEEE Trans Inf Forensics Secur"}],"container-title":["Data Mining and Knowledge Discovery"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10618-021-00814-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10618-021-00814-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10618-021-00814-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,29]],"date-time":"2022-03-29T10:01:33Z","timestamp":1648548093000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10618-021-00814-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,4]]},"references-count":26,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,3]]}},"alternative-id":["814"],"URL":"https:\/\/doi.org\/10.1007\/s10618-021-00814-z","relation":{},"ISSN":["1384-5810","1573-756X"],"issn-type":[{"value":"1384-5810","type":"print"},{"value":"1573-756X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,1,4]]},"assertion":[{"value":"22 April 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 November 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 January 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}