Applying multi-correlation for improving forecasting in cyber security

Pontes, Elvis; Guelfi, Adilson Eduardo; Kofuji, Sérgio Takeo; Silva, Anderson A. A.

doi:10.1109/icdim.2011.6093323

Cited by 8 publications

(4 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Variants of moving averages like exponential weighted moving average (EWMA) have been used on both autocorrelated and correlated data to detect intrusion 21 . Simple moving average and EWMA was used by Pontes et al 22 to forecast attacks for intrusion detection and prevention system. Various forecasting methods like simple moving average, weighted moving average, exponential smoothing, and linear regression have been used to predict a distributed denial of service attack's impact (intensity and size), with an error rate of less than 1% 23 .…”

Section: Related Workmentioning

confidence: 99%

Security analytics for real‐time forecasting of cyberattacks

et al. 2020

View full text Add to dashboard Cite

Summary Protection of networked computing infrastructures (such as Internet of Things, Industrial Control Systems, and Edge computing) is dependent on the continuous monitoring of interaction between such devices and network/Cloud‐based hosts (especially in Industry 4.0 environments). This real‐time monitoring enables an analyst to quantify evolving and emerging threats to such network infrastructures. A framework for identifying patterns in observed cyberthreats and the use of these patterns for forecasting the growth of an emerging threat to network infrastructure is proposed. This framework enables predicting the maximum threat intensity and the time period over which this maximum intensity is likely to occur. The proposed framework integrates: (a) continuous monitoring of device/network activity, (b) forecasting behavior using exponentially weighted moving averages, (c) utilizing Fibonacci retracement for estimating the potential intensity of a cyberattack, and (d) linear regression for predicting response time for high risk thresholds and a machine learning strategy to predict potential risk over a pre‐defined time window. Using this approach, we can produce time intervals between the forecast and the actual attacks using real‐world network activity data. Our results show an average lead time of around 1.75 hours, providing a window of opportunity to limit the impact of an attack and counter it.

show abstract

Section: Related Workmentioning

confidence: 99%

Security analytics for real‐time forecasting of cyberattacks

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Forecasting methods such as [25], [26], [27] analyze network traffic. Where [25] is specific to predicting attacks using IPV4 packet traffic, and [26] looks at various network sensors at different layers to prevent unwanted Internet traffic, whereas [27] combines DNS traffic with security metadata such as number of policy violations and the number of clients in the network. Many researchers such as [28] based cyber prediction on open source information.…”

Section: B Predicting Cyber Attackmentioning

confidence: 99%

Predicting Cyber-Events by Leveraging Hacker Sentiment

2018

View full text Add to dashboard Cite

Recent high-profile cyber attacks exemplify why organizations need better cyber defenses. Cyber threats are hard to accurately predict because attackers usually try to mask their traces. However, they often discuss exploits and techniques on hacking forums. The community behavior of the hackers may provide insights into groups' collective malicious activity. We propose a novel approach to predict cyber events using sentiment analysis. We test our approach using cyber attack data from 2 major business organizations. We consider 3 types of events: malicious software installation, malicious destination visits, and malicious emails that surpassed the target organizations' defenses. We construct predictive signals by applying sentiment analysis on hacker forum posts to better understand hacker behavior. We analyze over 400K posts generated between January 2016 and January 2018 on over 100 hacking forums both on surface and Dark Web. We find that some forums have significantly more predictive power than others. Sentiment-based models that leverage specific forums can outperform state-of-the-art deep learning and time-series models on forecasting cyber attacks weeks ahead of the events.

show abstract

“…Due to their disruptive nature, predicting cyber attacks is an important research effort. Most research efforts focus on using network traffic for forecasting as in [19], [20]. These methods leverage network traffic or sensors at different layers as the underlying data to forecasting models.…”

Section: Related Workmentioning

confidence: 99%

Discovering Signals from Web Sources to Predict Cyber Attacks

Goyal,

Hossain,

Deb

et al. 2018

Preprint

View full text Add to dashboard Cite

Cyber attacks are growing in frequency and severity. Over the past year alone we have witnessed massive data breaches that stole personal information of millions of people and wide-scale ransomware attacks that paralyzed critical infrastructure of several countries. Combating the rising cyber threat calls for a multi-pronged strategy, which includes predicting when these attacks will occur. The intuition driving our approach is this: during the planning and preparation stages, hackers leave digital traces of their activities on both the surface web and dark web in the form of discussions on platforms like hacker forums, social media, blogs and the like. These data provide predictive signals that allow anticipating cyber attacks. In this paper, we describe machine learning techniques based on deep neural networks and autoregressive time series models that leverage external signals from publicly available Web sources to forecast cyber attacks. Performance of our framework across ground truth data over real-world forecasting tasks shows that our methods yield a significant lift or increase of F1 for the top signals on predicted cyber attacks. Our results suggest that, when deployed, our system will be able to provide an effective line of defense against various types of targeted cyber attacks.

show abstract

Applying multi-correlation for improving forecasting in cyber security

Cited by 8 publications

References 21 publications

Security analytics for real‐time forecasting of cyberattacks

Security analytics for real‐time forecasting of cyberattacks

Predicting Cyber-Events by Leveraging Hacker Sentiment

Discovering Signals from Web Sources to Predict Cyber Attacks

Contact Info

Product

Resources

About