Visible to the public Time Series Forecasting of Cyber Attack Intensity

TitleTime Series Forecasting of Cyber Attack Intensity
Publication TypeConference Paper
Year of Publication2017
AuthorsWerner, Gordon, Yang, Shanchieh, McConky, Katie
Conference NameProceedings of the 12th Annual Conference on Cyber and Information Security Research
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4855-3
KeywordsARIMA forecasting, attack prediction, cyber security, exponentiation, pubcrawl, Resiliency, Scalability
Abstract

Cyber attacks occur on a near daily basis and are becoming exponentially more common. While some research aims to detect the characteristics of an attack, little focus has been given to patterns of attacks in general. This paper aims to exploit temporal correlations between the number of attacks per day in order to predict future intensity of cyber incidents. Through analysis of attack data collected from Hackmageddon, correlation was found among reported attack volume in consecutive days. This paper presents a forecasting system that aims to predict the number of cyber attacks on a given day based only on a set of historical attack count data. Our system conducts ARIMA time series forecasting on all previously collected incidents to predict the expected number of attacks on a future date. Our tool is able to use only a subset of data relevant to a specific attack method. Prediction models are dynamically updated over time as new data is collected to improve accuracy. Our system outperforms naive forecasting methods by 14.1% when predicting attacks of any type, and up to 21.2% when forecasting attacks of a specific type. Our system also produces a model which more accurately predicts future cyber attack intensity behavior.

URLhttps://dl.acm.org/citation.cfm?doid=3064814.3064831
DOI10.1145/3064814.3064831
Citation Keywerner_time_2017