5 research outputs found

    Malware in the Future? Forecasting of Analyst Detection of Cyber Events

    There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate cyber attacks. A common approach is time-series forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyber attacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are analyst-detected and -verified occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset consists of analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on automated systems. Our dataset consists of weekly counts of cyber events over approximately seven years. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives, which are often endemic in other sources of data. Further, the higher-quality data could be used for resource allocation, estimation of security resources, and the development of effective risk-management strategies. We used a Bayesian State Space Model for forecasting and found that events one week ahead could be predicted. To quantify bursts, we used a Markov model. Our findings of systematicity in analyst-detected cyber attacks are consistent with previous work using other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity. Comment: Revised version resubmitted to journa

    Evolution of Threats in the Global Risk Network

    With a steadily growing population and rapid advancements in technology, the global economy is increasing in size and complexity. This growth exacerbates global vulnerabilities and may lead to unforeseen consequences such as global pandemics fueled by air travel, cyberspace attacks, and cascading failures caused by the weakest link in a supply chain. Hence, a quantitative understanding of the mechanisms driving global network vulnerabilities is urgently needed. Developing methods for efficiently monitoring the evolution of the global economy is essential to such understanding. Each year the World Economic Forum publishes an authoritative report on the state of the global economy and identifies risks that are likely to be active, impactful or contagious. Using a Cascading Alternating Renewal Process approach to model the dynamics of the global risk network, we are able to answer critical questions regarding the evolution of this network. To fully trace the evolution of the network, we analyze the asymptotic state of risks (risk levels which would be reached in the long term if the risks were left unabated) given a snapshot in time; this elucidates the various challenges faced by the world community at each point in time. We also investigate the influence exerted by each risk on others. Results presented here are obtained through either quantitative analysis or computational simulations. Comment: 27 pages, 15 figure

    Author Correction: Limits of Risk Predictability in a Cascading Alternating Renewal Process Model

    No full text