32,453 research outputs found
Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to have false positives which are often endemic in
other sources of data. Further, the higher-quality data could be used for a
number for resource allocation, estimation of security resources, and the
development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa
Recommended from our members
Lee-Carter goes risk-neutral: an application to the Italian annuity market
We consider a class of stochastic intensities of mortality that generalizes the model proposed by Lee and Carter (1992), allowing general diffusions to drive the mortality time-trend. We analyze the stability of such class of intensities under measure changes and show how a risk-neutral version of the generalized Lee-Carter model can be employed for fair valuation purposes. We provide an example of model calibration based on the Italian annuity market
Terrorism Risk Concern in Europe
We explore whether differences of terrorism risk perception across all European countries reflect their underlying differences in terrorism risk, which we decompose into a long term and innovation component. We employ longitudinal country-level data on terrorism risk concern and our modeling approach is motivated by the Bayesian framework. We conclude that the observed risk perception variation is significantly explained by the long term terrorism countries face, while the cyclical part of terrorism activity does not affect risk perception.
- …