BibTex RIS Cite

Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence

Year 2015, Volume: 3 Issue: 1, 28 - 33, 13.01.2015
https://doi.org/10.18201/ijisae.83441

Abstract

The strength of time series modeling is generally not used in almost all current intrusion detection and prevention systems. By having time series models, system administrators will be able to better plan resource allocation and system readiness to defend against malicious activities. In this paper, we address the knowledge gap by investigating the possible inclusion of a statistical based time series modeling that can be seamlessly integrated into existing cyber defense system. Cyber-attack processes exhibit long range dependence and in order to investigate such properties a new class of Generalized Autoregressive Moving Average (GARMA) can be used. In this paper, GARMA (1, 1; 1, ±) model is fitted to cyber-attack data sets. Two different estimation methods are used. Point forecasts to predict the attack rate possibly hours ahead of time also has been done and the performance of the models and estimation methods are discussed. The investigation of the case-study will confirm that by exploiting the statistical properties, it is possible to predict cyber-attacks (at least in terms of attack rate) with good accuracy. This kind of forecasting capability would provide sufficient early-warning time for defenders to adjust their defense configurations or resource allocations.

References

  • Z. Zhan, M. Xu and S. Xu, Characterizing Honeypot-captured cyber- attacks: Statistical Framework and Case study, Information Forensics and Security, IEEE Transactions, 8(11): 1775-1789, November 2013.
  • Sang and S. Li, A predictability analysis of network traffic, Computer Networks, 2012.
  • M. Celenk, T. Conley, J. Graham and J. Willis, Anomaly Prediction in Network Traffic using Adaptive Wiener Filtering and ARMA Modeling, SMC 2008. IEEE International Conference on Systems, Man and Cybernetics, 3548-3553.
  • G. Frey, M. Manera, A. Markandya and E. Scarpa, Econometric models for oil price forecasting: A critical survey, CESifo Forum 1/2009.
  • D. Kwon, J. W. Hong and H. Ju, DDos Attack Forecasting System Architecture using Honeynet, dpnm.postech.ac.kr/papers/.../12/dwkwon/APNOMS2012-
  • Y. Hideshima and H. Koike , “STARMINE: A visualization system for cyber-attacks,” 2006 Asian-Pacific Symposium on Information Visualization, pp. 131-138, February 2006.
  • C. Ishida, Y. Arakawa, I. Sasase, and K. Takemori, “Forecast techniques for predicting increase or decrease of attacks using bayesian inference,” 2005 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, pp. 450-453, August 2005.
  • Y. Zhang, X. Tan, and H. Xi, “A novel approach to network security situation awareness based on multi-perspective analysis,” 2007 International Conference on Computational Intelligence and Security, pp. 768-772, December 2007.
  • D.-H. Kim, T. Lee, S.-O.D. Jung, H.-J. Lee, and H.P. In, “Cyber threat trend analysis model using HMM,” 2007 International Symposium on Information Assurance and Security, pp. 177-182, August 2007.
  • S.-H. Kim, S.-J. Shin, H.-W. Kim, K.-H. Kwon, and Y.-G. Han, “Hybrid intrusion forecasting framework for early warning system,” IEICE TRANS. INF. and SYST., vol. E91-D, no. 5, pp. 1234-1241, May 2008.
  • K. Takemori, Y. Miyake, C. Ishida, and I. Sasase, “A SOC framework for ISP federation and attack forecast by learning propagation patterns,” 2007 IEEE Intelligence and Security Informatics, pp. 172-179, May 2007.
  • S.S.S. Sindhu, S. Geetha, S.S. Sivanath, and A. Kannan, “A neurogenetic ensemble short term forecasting framework for anomaly intrusion prediction,” 2006 International Conference on Advanced Computing and Communications, pp. 187-190, December 2006.
  • S. Nanda and N. Deo, “A highly scalable model for network attack identification and path prediction,” 2007 IEEE Southeast Conference, pp. 663-668, March 2007.
  • S.E. Schechter, “Toward econometric models of the security risk from remote attacks,” IEEE Security and Privacy, vol. 3, issue 1, pp. 40-44, January-February 2005.
  • P. J. Brockwell and R. A. Davis, “Time Series: Theory and Methods,” New York: Springer-Verlag, 1991.
  • P. J. Brockwell and R. A. Davis, “Introduction to Time Series and Forecasting,” 2nd Edition. New York: Springer, 2002.
  • M. S. Peiris, “Improving the Quality of Forecasting using Generalized AR Models: An Application to Statistical Quality Control,” 2003, Statistical Methods, vol. 5, issue 2, pp. 156-171, 2003.
  • M. S. Peiris, D. Allen anf A. Thavaneswaran, “An Introduction to Generalized Moving Average Models and Applications,” Journal of Applied Statistical Science, vol. 13, issue 3, pp. 251-267, 2004.
  • T. R. Pillai, M. Shitan and M. S. Peiris, “Time Series Properties of the Class of First Order Autoregressive Processes with Generalized Moving Average Errors,”Journal of Statistics: Advances in Theory and Applications, vol. 2, issue 1, pp. 71-92, 2009.
  • M. Shitan and M. S. Peiris, “Time series Properties of the class of generalized first-order autoregressive processes with moving average errors,” Communication in Statistics-Theory and Methods, vol. 40, pp. 2259-2275, 2011.
  • T. R. Pillai, M. Shitan and M. S. Peiris, “Some Properties of the Generalized Autoregressive Moving Average (GARMA(1, 1; δ 1, δ 2)) model,” Communication and Statistics-Theory and Methods vol. 4, issue 41, pp. 699-716, 2012.
  • R. A. Fisher, “A Mathematical Examination of the methods determining accuracy of an observation by the mean error and by the mean square error,” Monthly Notices of the Royal Astronomical Society 80, vol. 1, pp. 758-770, CP12 in Bennett, 1971.
Year 2015, Volume: 3 Issue: 1, 28 - 33, 13.01.2015
https://doi.org/10.18201/ijisae.83441

Abstract

References

  • Z. Zhan, M. Xu and S. Xu, Characterizing Honeypot-captured cyber- attacks: Statistical Framework and Case study, Information Forensics and Security, IEEE Transactions, 8(11): 1775-1789, November 2013.
  • Sang and S. Li, A predictability analysis of network traffic, Computer Networks, 2012.
  • M. Celenk, T. Conley, J. Graham and J. Willis, Anomaly Prediction in Network Traffic using Adaptive Wiener Filtering and ARMA Modeling, SMC 2008. IEEE International Conference on Systems, Man and Cybernetics, 3548-3553.
  • G. Frey, M. Manera, A. Markandya and E. Scarpa, Econometric models for oil price forecasting: A critical survey, CESifo Forum 1/2009.
  • D. Kwon, J. W. Hong and H. Ju, DDos Attack Forecasting System Architecture using Honeynet, dpnm.postech.ac.kr/papers/.../12/dwkwon/APNOMS2012-
  • Y. Hideshima and H. Koike , “STARMINE: A visualization system for cyber-attacks,” 2006 Asian-Pacific Symposium on Information Visualization, pp. 131-138, February 2006.
  • C. Ishida, Y. Arakawa, I. Sasase, and K. Takemori, “Forecast techniques for predicting increase or decrease of attacks using bayesian inference,” 2005 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, pp. 450-453, August 2005.
  • Y. Zhang, X. Tan, and H. Xi, “A novel approach to network security situation awareness based on multi-perspective analysis,” 2007 International Conference on Computational Intelligence and Security, pp. 768-772, December 2007.
  • D.-H. Kim, T. Lee, S.-O.D. Jung, H.-J. Lee, and H.P. In, “Cyber threat trend analysis model using HMM,” 2007 International Symposium on Information Assurance and Security, pp. 177-182, August 2007.
  • S.-H. Kim, S.-J. Shin, H.-W. Kim, K.-H. Kwon, and Y.-G. Han, “Hybrid intrusion forecasting framework for early warning system,” IEICE TRANS. INF. and SYST., vol. E91-D, no. 5, pp. 1234-1241, May 2008.
  • K. Takemori, Y. Miyake, C. Ishida, and I. Sasase, “A SOC framework for ISP federation and attack forecast by learning propagation patterns,” 2007 IEEE Intelligence and Security Informatics, pp. 172-179, May 2007.
  • S.S.S. Sindhu, S. Geetha, S.S. Sivanath, and A. Kannan, “A neurogenetic ensemble short term forecasting framework for anomaly intrusion prediction,” 2006 International Conference on Advanced Computing and Communications, pp. 187-190, December 2006.
  • S. Nanda and N. Deo, “A highly scalable model for network attack identification and path prediction,” 2007 IEEE Southeast Conference, pp. 663-668, March 2007.
  • S.E. Schechter, “Toward econometric models of the security risk from remote attacks,” IEEE Security and Privacy, vol. 3, issue 1, pp. 40-44, January-February 2005.
  • P. J. Brockwell and R. A. Davis, “Time Series: Theory and Methods,” New York: Springer-Verlag, 1991.
  • P. J. Brockwell and R. A. Davis, “Introduction to Time Series and Forecasting,” 2nd Edition. New York: Springer, 2002.
  • M. S. Peiris, “Improving the Quality of Forecasting using Generalized AR Models: An Application to Statistical Quality Control,” 2003, Statistical Methods, vol. 5, issue 2, pp. 156-171, 2003.
  • M. S. Peiris, D. Allen anf A. Thavaneswaran, “An Introduction to Generalized Moving Average Models and Applications,” Journal of Applied Statistical Science, vol. 13, issue 3, pp. 251-267, 2004.
  • T. R. Pillai, M. Shitan and M. S. Peiris, “Time Series Properties of the Class of First Order Autoregressive Processes with Generalized Moving Average Errors,”Journal of Statistics: Advances in Theory and Applications, vol. 2, issue 1, pp. 71-92, 2009.
  • M. Shitan and M. S. Peiris, “Time series Properties of the class of generalized first-order autoregressive processes with moving average errors,” Communication in Statistics-Theory and Methods, vol. 40, pp. 2259-2275, 2011.
  • T. R. Pillai, M. Shitan and M. S. Peiris, “Some Properties of the Generalized Autoregressive Moving Average (GARMA(1, 1; δ 1, δ 2)) model,” Communication and Statistics-Theory and Methods vol. 4, issue 41, pp. 699-716, 2012.
  • R. A. Fisher, “A Mathematical Examination of the methods determining accuracy of an observation by the mean error and by the mean square error,” Monthly Notices of the Royal Astronomical Society 80, vol. 1, pp. 758-770, CP12 in Bennett, 1971.
There are 22 citations in total.

Details

Primary Language English
Journal Section Research Article
Authors

Vahideh Abaeian This is me

Azween Abdullah

Thulasyammal Pillai This is me

Long Zheng Cai This is me

Publication Date January 13, 2015
Published in Issue Year 2015 Volume: 3 Issue: 1

Cite

APA Abaeian, V., Abdullah, A., Pillai, T., Cai, L. Z. (2015). Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence. International Journal of Intelligent Systems and Applications in Engineering, 3(1), 28-33. https://doi.org/10.18201/ijisae.83441
AMA Abaeian V, Abdullah A, Pillai T, Cai LZ. Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence. International Journal of Intelligent Systems and Applications in Engineering. January 2015;3(1):28-33. doi:10.18201/ijisae.83441
Chicago Abaeian, Vahideh, Azween Abdullah, Thulasyammal Pillai, and Long Zheng Cai. “Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence”. International Journal of Intelligent Systems and Applications in Engineering 3, no. 1 (January 2015): 28-33. https://doi.org/10.18201/ijisae.83441.
EndNote Abaeian V, Abdullah A, Pillai T, Cai LZ (January 1, 2015) Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence. International Journal of Intelligent Systems and Applications in Engineering 3 1 28–33.
IEEE V. Abaeian, A. Abdullah, T. Pillai, and L. Z. Cai, “Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence”, International Journal of Intelligent Systems and Applications in Engineering, vol. 3, no. 1, pp. 28–33, 2015, doi: 10.18201/ijisae.83441.
ISNAD Abaeian, Vahideh et al. “Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence”. International Journal of Intelligent Systems and Applications in Engineering 3/1 (January 2015), 28-33. https://doi.org/10.18201/ijisae.83441.
JAMA Abaeian V, Abdullah A, Pillai T, Cai LZ. Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence. International Journal of Intelligent Systems and Applications in Engineering. 2015;3:28–33.
MLA Abaeian, Vahideh et al. “Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence”. International Journal of Intelligent Systems and Applications in Engineering, vol. 3, no. 1, 2015, pp. 28-33, doi:10.18201/ijisae.83441.
Vancouver Abaeian V, Abdullah A, Pillai T, Cai LZ. Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence. International Journal of Intelligent Systems and Applications in Engineering. 2015;3(1):28-33.