2019
DOI: 10.1109/comst.2018.2871866

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

Abstract: This paper provides a survey of prediction and forecasting methods used in cyber security. Four main tasks are discussed first: attack projection and intention recognition, in which there is a need to predict the next move or the intentions of the attacker; intrusion prediction, in which there is a need to predict upcoming cyber attacks; and network security situation forecasting, in which we project cybersecurity situation in the whole network. Methods and approaches for addressing these tasks often share th…

Cited by 226 publications (130 citation statements)
References 106 publications (170 reference statements)
“…The precision of the attack predictions can be improved through more sophisticated methods (e.g. see [25]), but will also require more detail regarding the environments with more computational tradeoff. Besides this, the critical threats that we specify may be more useful for short-term rather than long-term analysis, where some non-critical threats can be the first step to launch more severe attacks.…”
Section: Discussion (mentioning)
confidence: 99%
“…Statistical methods have been widely used in the context of data-driven cyber security research, such as intrusion detection [15][16][17][18]. However, deep learning has not received the due amount of attention in the context of cyber security [13,14]. This is true despite the fact that deep learning has been tremendously successful in other application domains [19][20][21] and has started to be employed in the cyber security domains, including adversarial malware detection [22,23] and vulnerability detection [24,25].…”
Section: Related Work (mentioning)
confidence: 99%
“…Moreover, researchers have studied how to use a Bayesian method to predict the increase or decrease of cyber attacks [6], how to use a hidden Markov model to predict the increase or decrease of Bot agents [7], how to use a seasonal ARIMA model to predict cyber attacks [8], how to use a FARIMA model to predict cyber attack rates when the time series data exhibits long-range dependence [1], how to use a FARIMA+GARCH model to achieve even more accurate predictions by further accommodating the extreme values exhibited by the time series data [9], how to use a marked point process to model extreme cyber attack rates while considering both magnitudes and inter-arrival times of time series [10], how to use a vine copula model to quantify the effectiveness of cyber defense early-warning mechanisms [11], and how to use a vine copula model to predict multivariate time series of cybersecurity attacks while accommodating the high-dimensional dependence between the time series [12]. We refer to two recent surveys on the use of statistical methods in cyber incident and attack detection and prediction [13,14].…”
Section: Introduction (mentioning)
confidence: 99%
“…These are usually weighted, e.g., by the probability that the attacker will choose the action. If an attacker takes all the actions to transition from an initial state to any of the success states, the attack is successful, as the success states represent a system compromise [5]. A recent comprehensive taxonomy of attack graph generation and usage was proposed by Kaynar [8].…”
Section: Attack Graphs and Bayesian Network (mentioning)
confidence: 99%