Forecasting Cyberattacks as Time Series with Different Aggregation Granularity

Authors: Gordon Werner, Ahmet Okutan, Shanchieh Yang, Katie McConky

DOI: 10.1109/THS.2018.8574185

Keywords: Bayesian network, Ground truth, Computer science, Data mining, Cyber-attack, Intrusion detection system, Moving average, Autoregressive integrated moving average, Categorical variable, Baseline (configuration management)

Abstract: Cyber defense can no longer be limited to intrusion detection methods. These systems require malicious activity to enter an internal network before an attack can be detected. Having advanced, predictive knowledge of future attacks allows a potential victim to heighten security and possibly prevent any malicious traffic from breaching the network. This paper investigates the use of Auto-Regressive Integrated Moving Average (ARIMA) models and Bayesian Networks (BN) to predict future cyber attack occurrences and intensities against two target entities. In addition to incident count forecasting, categorical and binary occurrence metrics are proposed to better represent volume forecasts to a victim. Different measurement periods are used in time series construction to better model the temporal patterns unique to each attack type and target configuration, seeing over 86% improvement over baseline forecasts. Using ground truth aggregated over different measurement periods as signals, a BN is trained and tested for each attack type, and the obtained results provided further evidence to support the findings from ARIMA. This work highlights the complexity of cyber attack occurrences; each subset has unique characteristics and is influenced by a number of external factors.
