Security in Cyberspace: Combatting Distributed Denial of Service Attacks
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
The poor state of cyber security is now attracting broad attention outside the community of computer security experts. This is a welcome development since it is clear that cyber attacks impose heavy costs and that the rate of attack is increasing. There are reasons to believe that insufficient social resources are devoted to ensuring cyber security for various reasons including the existence of positive externalities associated with investments in cyber security. This paper selects one cyber security problem for close analysis, namely that of distributed denial of service attacks (DDOS). This paper focuses on DDOS attacks because they are quite interesting from the legal perspective. The positive externality problem of cyber security investment is posed fairly clearly in this context, and the many types of parties implicated in some way in a DDOS attack offer numerous possible objects of legal or regulatory pressure. Most commentary on DDOS attacks focuses on the roles of software developers who release insecure code the weaknesses of which are later exploited to launch DDOS attacks, and computer users who fail to take basic steps to secure their machines. Having reviewed the reasons for this state of affairs, and explored the possibility of applying legal pressure to the various types of parties involved in a DDOS attack, the paper concludes that it is likely most efficient to address the problem by focusing on software insecurity. One way in which to encourage improvement in software security is to impose liability in negligence for software that falls below a reasonable standard of security. The victim of a DDOS attack would be a good plaintiff in such an action. The victim may suffer the kind of concentrated loss that provides a sufficient incentive to sue. Furthermore, the victim of a DDOS attack is not open to charges of contributory negligence in the way that an end-user who failed to install patches would be. A negligence claim brought by the victim of a DDOS attack against the manufacturer of insecure software that is later exploited to launch an attack is a complex one that raises important issues of policy at various stages of the negligence inquiry: duty of care, standard of care and proximate cause. The proposed tort claim must address the traditional reluctance of courts to award damages in negligence for pure economic loss. It must also establish that there is a sufficiently close relationship between software manufacturer and DDOS victim that will justify a finding of a duty to protect the plaintiff against the deliberate harmful conduct of third parties - a ground of negligence that is recognized, inter alia, within the landlord-tenant relationship. The inquiry into whether a duty of care should exist in this context offers the opportunity to raise the current debate over whether the metaphor of physical space is an appropriate one for legal reasoning about cyberspace. Is a quasi-monopolist vendor of key Internet-related software an architect or landlord in cyberspace?
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.001 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.001 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.000 | 0.001 |
| Open science | 0.001 | 0.000 |
| Research integrity | 0.000 | 0.001 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it