Modeling and Managing Risk in Billing Infrastructures

  • Fabrizio Baiardi
  • Claudio Telmon
  • Daniele Sgandurra
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 311)


This paper discusses risk modeling and risk management in information and communications technology (ICT) systems for which the attack impact distribution is heavy tailed (e.g., power law distribution) and the average risk is unbounded. Systems with these properties include billing infrastructures used to charge customers for services they access. Attacks against billing infrastructures can be classified as peripheral attacks and backbone attacks. The goal of a peripheral attack is to tamper with user bills; a backbone attack seeks to seize control of the billing infrastructure. The probability distribution of the overall impact of an attack on a billing infrastructure also has a heavy-tailed curve. This implies that the probability of a massive impact cannot be ignored and that the average impact may be unbounded – thus, even the most expensive countermeasures would be cost effective. Consequently, the only strategy for managing risk is to increase the resilience of the infrastructure by employing redundant components.


Keywords: risk modeling, risk management, billing infrastructures



Copyright information

© IFIP International Federation for Information Processing 2009
