Fibonacci sequence and EWMA for intrusion forecasting system

“…Regarding DDoS attacks, it is expected these attacks to become more common against independent media and human rights sites in 2011, as the recent highly publicized DDoS attacks on Wikileaks, and "Operation Payback" attacks by "Anonymous" on sites perceived to oppose Wikileaks (Zuckerman et al, 2010). According to (Pontes et al, 2008), (Pontes & Guelfi, 2009a), (Pontes & Guelfi, 2009b), (Pontes & Zucchi, 2010), an early warning system showing a future trend outlook with an increasing number of cyber-attacks, exposed by forecasting analysis, may influence decisions on the security devices adoption (e.g. rules in IDPS combined with rules in firewalls) before incidents happen, according to the needs.…”

“…In other hand, security alerts are types of security events, indicating anomalous activities or cyber attacks . In our earlier works we proposed the Distributed Intrusion Forecasting System (DIFS) , (Pontes & Zucchi, 2010), which covered the following gaps of today's forecasting techniques in IDPS: a) the use of few sensors and/or sensors employed locally for capturing data; b) the use of just one forecasting technique; and c) lack of information sharing among sensors to be used for correlation. Notwithstanding, we faced huge amount of alerts which could have negative influence over forecasting results.…”

“…In this section we approach event correlation for detecting cyber-attacks, the forecasting methods used to predict cyber-attacks and Distributed Architecture for Intrusion Forecasting System (DIFS , (Pontes & Zucchi, 2010).…”

“…Reference (Cisar and Cisar, 2007) gives an overview of adopting EWMA with adaptive thresholds, based on normal profile of network traffic. The analysis of thresholds with EWMA may summarize huge amount of data in network traffic (Zhay et al, 2006), (Pontes & Zucchi, 2010). Diverse moving averages, combined with Fibonacci sequence forecasting approach, were also used by (Zuckerman et al, 2010) to spot trends of cyber attacks in the (DARPA, 1998) datasets.…”

“…Therefore, there is no collaboration among the forecasters. Besides: the concept of sensors is not adopted in (Pontes et al, 2008), (Pontes & Guelfi, 2009a), (Pontes & Guelfi, 2009b), (Pontes & Zucchi, 2010), (Ishida et al, 2005), (Viinikka et al, 2006), (Ye et al, 2003).…”

Earthquake Prediction: Analogy with Forecasting Models for Cyber Attacks in Internet and Computer Systems

“…Regarding DDoS attacks, it is expected these attacks to become more common against independent media and human rights sites in 2011, as the recent highly publicized DDoS attacks on Wikileaks, and "Operation Payback" attacks by "Anonymous" on sites perceived to oppose Wikileaks (Zuckerman et al, 2010). According to (Pontes et al, 2008), (Pontes & Guelfi, 2009a), (Pontes & Guelfi, 2009b), (Pontes & Zucchi, 2010), an early warning system showing a future trend outlook with an increasing number of cyber-attacks, exposed by forecasting analysis, may influence decisions on the security devices adoption (e.g. rules in IDPS combined with rules in firewalls) before incidents happen, according to the needs.…”

“…In other hand, security alerts are types of security events, indicating anomalous activities or cyber attacks . In our earlier works we proposed the Distributed Intrusion Forecasting System (DIFS) , (Pontes & Zucchi, 2010), which covered the following gaps of today's forecasting techniques in IDPS: a) the use of few sensors and/or sensors employed locally for capturing data; b) the use of just one forecasting technique; and c) lack of information sharing among sensors to be used for correlation. Notwithstanding, we faced huge amount of alerts which could have negative influence over forecasting results.…”

“…In this section we approach event correlation for detecting cyber-attacks, the forecasting methods used to predict cyber-attacks and Distributed Architecture for Intrusion Forecasting System (DIFS , (Pontes & Zucchi, 2010).…”

“…Reference (Cisar and Cisar, 2007) gives an overview of adopting EWMA with adaptive thresholds, based on normal profile of network traffic. The analysis of thresholds with EWMA may summarize huge amount of data in network traffic (Zhay et al, 2006), (Pontes & Zucchi, 2010). Diverse moving averages, combined with Fibonacci sequence forecasting approach, were also used by (Zuckerman et al, 2010) to spot trends of cyber attacks in the (DARPA, 1998) datasets.…”

“…Therefore, there is no collaboration among the forecasters. Besides: the concept of sensors is not adopted in (Pontes et al, 2008), (Pontes & Guelfi, 2009a), (Pontes & Guelfi, 2009b), (Pontes & Zucchi, 2010), (Ishida et al, 2005), (Viinikka et al, 2006), (Ye et al, 2003).…”

Earthquake Prediction: Analogy with Forecasting Models for Cyber Attacks in Internet and Computer Systems

Applying multi-correlation for improving forecasting in cyber security

PRBS/EWMA based model for predicting burst attacks (Brute Froce, DoS) in computer networks