Malware in the future? Forecasting of analyst detection of cyber events
<p dir="ltr">Cyberattacks endanger physical, economic, social, and political security. There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate such cyberattacks. A common approach is time-series forecasting of cyberattacks based o...
محفوظ في:
| المؤلف الرئيسي: | |
|---|---|
| مؤلفون آخرون: | , , , , , , |
| منشور في: |
2018
|
| الموضوعات: | |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
| _version_ | 1864513512997388288 |
|---|---|
| author | Jonathan Z Bakdash (18697012) |
| author2 | Steve Hutchinson (18697015) Erin G Zaroukian (18697018) Laura R Marusich (18697021) Saravanan Thirumuruganathan (11038038) Charmaine Sample (18697024) Blaine Hoffman (5985920) Gautam Das (1968916) |
| author2_role | author author author author author author author |
| author_facet | Jonathan Z Bakdash (18697012) Steve Hutchinson (18697015) Erin G Zaroukian (18697018) Laura R Marusich (18697021) Saravanan Thirumuruganathan (11038038) Charmaine Sample (18697024) Blaine Hoffman (5985920) Gautam Das (1968916) |
| author_role | author |
| dc.creator.none.fl_str_mv | Jonathan Z Bakdash (18697012) Steve Hutchinson (18697015) Erin G Zaroukian (18697018) Laura R Marusich (18697021) Saravanan Thirumuruganathan (11038038) Charmaine Sample (18697024) Blaine Hoffman (5985920) Gautam Das (1968916) |
| dc.date.none.fl_str_mv | 2018-12-22T03:00:00Z |
| dc.identifier.none.fl_str_mv | 10.1093/cybsec/tyy007 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/journal_contribution/Malware_in_the_future_Forecasting_of_analyst_detection_of_cyber_events/25931008 |
| dc.rights.none.fl_str_mv | CC BY 4.0 info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Information and computing sciences Cybersecurity and privacy Information systems cybersecurity forecasting prediction cyberattack malware computer security service provider |
| dc.title.none.fl_str_mv | Malware in the future? Forecasting of analyst detection of cyber events |
| dc.type.none.fl_str_mv | Text Journal contribution info:eu-repo/semantics/publishedVersion text contribution to journal |
| description | <p dir="ltr">Cyberattacks endanger physical, economic, social, and political security. There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate such cyberattacks. A common approach is time-series forecasting of cyberattacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyberattacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are “analyst-detected” and “-verified” occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset was analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the US Department of Defense, which rarely relies only on automated systems. Our data set consists of weekly counts of cyber events over approximately 7 years. This curated dataset has characteristics that distinguish it from most datasets used in prior research on cyberattacks. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives which are often endemic in other sources of data. Further, the higher-quality data could be used for a number of important tasks for CSSPs such as resource allocation, estimation of security resources, and the development of effective risk-management strategies. To quantify bursts, we used a Markov model of state transitions. For forecasting, we used a Bayesian State Space Model and found that events one week ahead could be predicted with reasonable accuracy, with the exception of bursts. Our findings of systematicity in analyst-detected cyberattacks are consistent with previous work using cyberattack data from other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead, similar to a weather forecast. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity by helping to optimize human and technical capabilities for cyber defense.</p><h2>Other Information</h2><p dir="ltr">Published in: Journal of Cybersecurity<br>License: <a href="https://creativecommons.org/licenses/by/4.0/" target="_blank">https://creativecommons.org/licenses/by/4.0/</a><br>See article on publisher's website: <a href="https://dx.doi.org/10.1093/cybsec/tyy007" target="_blank">https://dx.doi.org/10.1093/cybsec/tyy007</a></p> |
| eu_rights_str_mv | openAccess |
| id | Manara2_9a6a549fec4a6d177d4b745276d5c78b |
| identifier_str_mv | 10.1093/cybsec/tyy007 |
| network_acronym_str | Manara2 |
| network_name_str | Manara2 |
| oai_identifier_str | oai:figshare.com:article/25931008 |
| publishDate | 2018 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | CC BY 4.0 |
| spelling | Malware in the future? Forecasting of analyst detection of cyber eventsJonathan Z Bakdash (18697012)Steve Hutchinson (18697015)Erin G Zaroukian (18697018)Laura R Marusich (18697021)Saravanan Thirumuruganathan (11038038)Charmaine Sample (18697024)Blaine Hoffman (5985920)Gautam Das (1968916)Information and computing sciencesCybersecurity and privacyInformation systemscybersecurityforecastingpredictioncyberattackmalwarecomputer security service provider<p dir="ltr">Cyberattacks endanger physical, economic, social, and political security. There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate such cyberattacks. A common approach is time-series forecasting of cyberattacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyberattacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are “analyst-detected” and “-verified” occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset was analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the US Department of Defense, which rarely relies only on automated systems. Our data set consists of weekly counts of cyber events over approximately 7 years. This curated dataset has characteristics that distinguish it from most datasets used in prior research on cyberattacks. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives which are often endemic in other sources of data. Further, the higher-quality data could be used for a number of important tasks for CSSPs such as resource allocation, estimation of security resources, and the development of effective risk-management strategies. To quantify bursts, we used a Markov model of state transitions. For forecasting, we used a Bayesian State Space Model and found that events one week ahead could be predicted with reasonable accuracy, with the exception of bursts. Our findings of systematicity in analyst-detected cyberattacks are consistent with previous work using cyberattack data from other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead, similar to a weather forecast. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity by helping to optimize human and technical capabilities for cyber defense.</p><h2>Other Information</h2><p dir="ltr">Published in: Journal of Cybersecurity<br>License: <a href="https://creativecommons.org/licenses/by/4.0/" target="_blank">https://creativecommons.org/licenses/by/4.0/</a><br>See article on publisher's website: <a href="https://dx.doi.org/10.1093/cybsec/tyy007" target="_blank">https://dx.doi.org/10.1093/cybsec/tyy007</a></p>2018-12-22T03:00:00ZTextJournal contributioninfo:eu-repo/semantics/publishedVersiontextcontribution to journal10.1093/cybsec/tyy007https://figshare.com/articles/journal_contribution/Malware_in_the_future_Forecasting_of_analyst_detection_of_cyber_events/25931008CC BY 4.0info:eu-repo/semantics/openAccessoai:figshare.com:article/259310082018-12-22T03:00:00Z |
| spellingShingle | Malware in the future? Forecasting of analyst detection of cyber events Jonathan Z Bakdash (18697012) Information and computing sciences Cybersecurity and privacy Information systems cybersecurity forecasting prediction cyberattack malware computer security service provider |
| status_str | publishedVersion |
| title | Malware in the future? Forecasting of analyst detection of cyber events |
| title_full | Malware in the future? Forecasting of analyst detection of cyber events |
| title_fullStr | Malware in the future? Forecasting of analyst detection of cyber events |
| title_full_unstemmed | Malware in the future? Forecasting of analyst detection of cyber events |
| title_short | Malware in the future? Forecasting of analyst detection of cyber events |
| title_sort | Malware in the future? Forecasting of analyst detection of cyber events |
| topic | Information and computing sciences Cybersecurity and privacy Information systems cybersecurity forecasting prediction cyberattack malware computer security service provider |