Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to contain the false positives that are often endemic
in other sources of data. Further, the higher-quality data could be used for a
number of purposes, including resource allocation, estimation of security
resources, and the development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity.
Comment: Revised version resubmitted to journal

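The abstract names a Bayesian state-space model for the one-week-ahead forecast and a Markov model for bursts, but gives no detail of either. As an added illustration (not the authors' code, model or data), the Python below fits the simplest state-space model, a local-level model filtered with a Kalman filter, to a constructed series of weekly counts, and reports the "probable value and range" for the next week; it then labels weeks above a threshold as bursts and estimates a two-state Markov transition matrix, from which the expected burst length follows. The noise variances q and r, the burst threshold of 20, and the synthetic counts are all assumptions made for the example.

```python
"""Added illustration (not the paper's code or data): a local-level state-space
model, filtered with a Kalman filter, gives a one-week-ahead forecast with an
interval, and a two-state Markov chain over burst/non-burst weeks quantifies
bursts. Variances, threshold and the weekly counts below are all assumptions."""
import math

# Constructed weekly event counts (synthetic, not the CSSP data in the paper).
WEEKLY_COUNTS = [12, 14, 11, 15, 13, 30, 28, 12, 14, 13,
                 15, 16, 12, 41, 38, 35, 14, 13, 12, 15]


def local_level_forecast(counts, q=4.0, r=9.0):
    """One-step-ahead Kalman filter for the local-level model
         level_t = level_{t-1} + w_t,  w_t ~ N(0, q)
         y_t     = level_t + v_t,      v_t ~ N(0, r)
    q and r are assumed known here (a fully Bayesian treatment would put
    priors on them). Returns the predictive (mean, variance) pairs for weeks
    2..n, and the predictive (mean, variance) for the next unobserved week."""
    m, P = float(counts[0]), r              # initialise level at first count
    preds = []
    for y in counts[1:]:
        m_pred, P_pred = m, P + q           # time update (random-walk level)
        preds.append((m_pred, P_pred + r))  # predictive distribution of y_t
        K = P_pred / (P_pred + r)           # Kalman gain
        m = m_pred + K * (y - m_pred)       # measurement update
        P = (1.0 - K) * P_pred
    return preds, (m, P + q + r)


def forecast_interval(mean, var, z=1.96):
    """Approximate 95% predictive interval, floored at zero since counts >= 0."""
    sd = math.sqrt(var)
    return max(0.0, mean - z * sd), mean + z * sd


def burst_states(counts, threshold):
    """Label each week 1 (burst) if its count exceeds the threshold, else 0."""
    return [1 if c > threshold else 0 for c in counts]


def transition_matrix(states):
    """Maximum-likelihood 2x2 transition matrix T[i][j] = P(next=j | now=i)."""
    n = [[0, 0], [0, 0]]
    for a, b in zip(states, states[1:]):
        n[a][b] += 1
    return [[n[i][j] / sum(n[i]) if sum(n[i]) else 0.0 for j in range(2)]
            for i in range(2)]


def expected_burst_length(T):
    """Mean number of consecutive burst weeks = 1 / (1 - P(stay in burst))."""
    stay = T[1][1]
    return math.inf if stay >= 1.0 else 1.0 / (1.0 - stay)


def summarize(counts, threshold=20):
    """Forecast next week and quantify bursts; returns a dict of results."""
    _, (mean, var) = local_level_forecast(counts)
    lo, hi = forecast_interval(mean, var)
    T = transition_matrix(burst_states(counts, threshold))
    return {"next_mean": mean, "next_var": var, "interval": (lo, hi),
            "transitions": T, "expected_burst_length": expected_burst_length(T)}


if __name__ == "__main__":
    s = summarize(WEEKLY_COUNTS)
    print("next week: %.1f events, 95%% interval %.1f..%.1f"
          % (s["next_mean"], *s["interval"]))
    print("burst transition matrix:", s["transitions"])
    print("expected burst length: %.2f weeks" % s["expected_burst_length"])
```

The local-level model is the minimal member of the state-space family: the latent level drifts as a random walk, so the forecast tracks recent weeks while the predictive variance (P + q + r) widens the interval as process noise grows relative to observation noise. In a real deployment the threshold for a burst would be set from the count distribution (for example a high quantile of the filtered residuals) rather than fixed at 20, and the transition estimates would need many more than twenty weeks to be stable.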
Evolution of Threats in the Global Risk Network
With a steadily growing population and rapid advancements in technology, the
global economy is increasing in size and complexity. This growth exacerbates
global vulnerabilities and may lead to unforeseen consequences such as global
pandemics fueled by air travel, cyberspace attacks, and cascading failures
caused by the weakest link in a supply chain. Hence, a quantitative
understanding of the mechanisms driving global network vulnerabilities is
urgently needed. Developing methods for efficiently monitoring evolution of the
global economy is essential to such understanding. Each year the World Economic
Forum publishes an authoritative report on the state of the global economy and
identifies risks that are likely to be active, impactful or contagious. Using a
Cascading Alternating Renewal Process approach to model the dynamics of the
global risk network, we are able to answer critical questions regarding the
evolution of this network. To fully trace the evolution of the network, we
analyze the asymptotic state of risks (the risk levels that would be reached in
the long term if the risks were left unabated) given a snapshot in time; this
elucidates the various challenges faced by the world community at each point in
time. We also investigate the influence exerted by each risk on others. Results
presented here are obtained through either quantitative analysis or
computational simulations.
Comment: 27 pages, 15 figures