Cloudy with a chance of breach: forecasting cyber security incidents

Authors: Yang Liu, Armin Sarabi, Jing Zhang, Parinaz Naghizadeh, Manish Karir

Abstract: In this study we characterize the extent to which cyber security incidents, such as those referenced by Verizon in its annual Data Breach Investigations Reports (DBIR), can be predicted based on externally observable properties of an organization's network. We seek to proactively forecast breaches, and to do so without the cooperation of the organization itself. To accomplish this goal, we collect 258 measurable features about a network from two main categories: mismanagement symptoms, such as misconfigured DNS or BGP within a network, and malicious activity time series, which include spam, phishing, and scanning activity sourced from these organizations. Using these features we train and test a Random Forest (RF) classifier against more than 1,000 incident reports taken from the VERIS community database, Hackmageddon, and the Web Hacking Incidents Database, covering events from mid-2013 to the end of 2014. The resulting classifier achieves a 90% True Positive (TP) rate and a 10% False Positive (FP) rate, with a correspondingly high overall accuracy.
