“…However, three major gaps lie in the studies about forecasting of cyber attacks: a) the use of few sensors and/or sensors employed locally; b) the use of just one forecasting technique; and c) lack of information sharing among sensors to be used for correlation (Pontes & Guelfi, 2009a). Correlation of information between IDPS and forecasters means looking for similar characteristics that may be related (Pontes & Guelfi, 2009a), (Abad et al, 2003). Through correlation it is possible to eliminate redundant and false data, to discover attack patterns and to understand attack strategies (Zhay et al, 2006).…”
Section: Analogy With Forecasting In Cyber Security
“…Multi-correlation or integration of alerts with information from different sources, e.g. tools for monitoring or operating system logs, can allow a new classification for alerts, improving accuracy of the results (Abad et al, 2003), (Zhay et al, 2006). References (Abad et al, 2003), (Zhay et al, 2006), (Zhay et al, 2004) employed multi-correlation; however, neither a detailed analysis concerning the influence of isolated alerts on the FP rates nor forecasting techniques were applied for predicting future attacks (forecasting). Forecasting analysis in the information security area can be similar to forecasting methodologies used in other fields: meteorology, for instance, uses sensors to capture data about temperature, humidity, etc. (Lajara et al, 2007), (Lorenz, 2005); seismology employs sensors to capture electromagnetic emissions from rocks (Bleier & Freund, 2005); in economics, specifically the stock market, data is collected from diverse companies (annual profit, potential customers, assets, etc.) to draw trends about companies' shares (Prechter & Frost, 2002), (Mandelbrot & Hudson, 2006).…”
Section: Analogy With Forecasting In Cyber Security
“…Correlation techniques for security events can be classified into three categories: (1) rule-based, (2) anomaly-based and (3) based on causes and consequences (Prerequisites and Consequences (PC)) (Abad et al, 2003). The rule-based method requires some prior knowledge about the attack, so the target machine has to pass through a preparation phase called training. The goal of this phase is to make the target machine able to precisely detect the vulnerabilities for which it was trained (Abad et al, 2003), (Mizoguchi, 2000). Gaps of the rule-based method are: (1) it is computationally intensive; (2) it results in lots of data; (3) the method works only for known vulnerabilities.…”
Section: Approaches For Correlation Of Security Events