Biblio

In the paper is presented implementation of a system for detecting intrusion actions. An implementation of intrusion detection systems (IDS), their architectures, and intrusion detection methods are investigated. Analyzed are methods for SNORT (IDS) bandwidth traffic analysis in intrusion detection and prevention systems. The main requirements for Installation and configuration of the system are also discussed. Then the configuration of the firewall policy and specifics there, are also presented. It is also described the database structure, the operating modes, and analysis of the rules. Two of the most commonly implemented attacks and model for defense against them is proposed.

Cyber defense can no longer be limited to intrusion detection methods. These systems require malicious activity to enter an internal network before an attack can be detected. Having advanced, predictive knowledge of future attacks allow a potential victim to heighten security and possibly prevent any malicious traffic from breaching the network. This paper investigates the use of Auto-Regressive Integrated Moving Average (ARIMA) models and Bayesian Networks (BN) to predict future cyber attack occurrences and intensities against two target entities. In addition to incident count forecasting, categorical and binary occurrence metrics are proposed to better represent volume forecasts to a victim. Different measurement periods are used in time series construction to better model the temporal patterns unique to each attack type and target configuration, seeing over 86% improvement over baseline forecasts. Using ground truth aggregated over different measurement periods as signals, a BN is trained and tested for each attack type and the obtained results provided further evidence to support the findings from ARIMA. This work highlights the complexity of cyber attack occurrences; each subset has unique characteristics and is influenced by a number of potential external factors.