6,855 research outputs found
Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to have false positives which are often endemic in
other sources of data. Further, the higher-quality data could be used for a
number for resource allocation, estimation of security resources, and the
development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa
Spatiotemporal patterns and predictability of cyberattacks
A relatively unexplored issue in cybersecurity science and engineering is
whether there exist intrinsic patterns of cyberattacks. Conventional wisdom
favors absence of such patterns due to the overwhelming complexity of the
modern cyberspace. Surprisingly, through a detailed analysis of an extensive
data set that records the time-dependent frequencies of attacks over a
relatively wide range of consecutive IP addresses, we successfully uncover
intrinsic spatiotemporal patterns underlying cyberattacks, where the term
"spatio" refers to the IP address space. In particular, we focus on analyzing
{\em macroscopic} properties of the attack traffic flows and identify two main
patterns with distinct spatiotemporal characteristics: deterministic and
stochastic. Strikingly, there are very few sets of major attackers committing
almost all the attacks, since their attack "fingerprints" and target selection
scheme can be unequivocally identified according to the very limited number of
unique spatiotemporal characteristics, each of which only exists on a
consecutive IP region and differs significantly from the others. We utilize a
number of quantitative measures, including the flux-fluctuation law, the Markov
state transition probability matrix, and predictability measures, to
characterize the attack patterns in a comprehensive manner. A general finding
is that the attack patterns possess high degrees of predictability, potentially
paving the way to anticipating and, consequently, mitigating or even preventing
large-scale cyberattacks using macroscopic approaches
Spatiotemporal Patterns and Predictability of Cyberattacks
Y.C.L. was supported by Air Force Office of Scientific Research (AFOSR) under grant no. FA9550-10-1-0083 and Army Research Office (ARO) under grant no. W911NF-14-1-0504. S.X. was supported by Army Research Office (ARO) under grant no. W911NF-13-1-0141. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.Peer reviewedPublisher PD
A Deep Learning Framework for Predicting Cyber Attacks Rates
Like how useful weather forecasting is, the capability of forecasting or predicting cyber threats can never be overestimated. Previous investigations show that cyber attack data exhibits interesting phenomena, such as long-range dependence and high nonlinearity, which impose a particular challenge on modeling and predicting cyber attack rates. Deviating from the statistical approach that is utilized in the literature, in this paper we develop a deep learning framework by utilizing the bi-directional recurrent neural networks with long short-term memory, dubbed BRNN-LSTM. Empirical study shows that BRNN-LSTM achieves a significantly higher prediction accuracy when compared with the statistical approach
Early Warning Analysis for Social Diffusion Events
There is considerable interest in developing predictive capabilities for
social diffusion processes, for instance to permit early identification of
emerging contentious situations, rapid detection of disease outbreaks, or
accurate forecasting of the ultimate reach of potentially viral ideas or
behaviors. This paper proposes a new approach to this predictive analytics
problem, in which analysis of meso-scale network dynamics is leveraged to
generate useful predictions for complex social phenomena. We begin by deriving
a stochastic hybrid dynamical systems (S-HDS) model for diffusion processes
taking place over social networks with realistic topologies; this modeling
approach is inspired by recent work in biology demonstrating that S-HDS offer a
useful mathematical formalism with which to represent complex, multi-scale
biological network dynamics. We then perform formal stochastic reachability
analysis with this S-HDS model and conclude that the outcomes of social
diffusion processes may depend crucially upon the way the early dynamics of the
process interacts with the underlying network's community structure and
core-periphery structure. This theoretical finding provides the foundations for
developing a machine learning algorithm that enables accurate early warning
analysis for social diffusion events. The utility of the warning algorithm, and
the power of network-based predictive metrics, are demonstrated through an
empirical investigation of the propagation of political memes over social media
networks. Additionally, we illustrate the potential of the approach for
security informatics applications through case studies involving early warning
analysis of large-scale protests events and politically-motivated cyber
attacks
Global Risks 2012, Seventh Edition
The World Economic Forum's Global Risks 2012 report is based on a survey of 469 experts from industry, government, academia and civil society that examines 50 global risks across five categories. The report emphasizes the singular effect of a particular constellation of global risks rather than focusing on a single existential risk. Three distinct constellations of risks that present a very serious threat to our future prosperity and security emerged from a review of this year's set of risks. Includes a special review of the important lessons learned from the 2011 earthquake, tsunami and the subsequent nuclear crisis at Fukushima, Japan. It focuses on therole of leadership, challenges to effective communication in this information age and resilient business models in response to crises of unforeseen magnitude
- …