Predicting cyber attacks with bayesian networks using unconventional signals

Okutan, Ahmet; Yang, Shanchieh Jay; McConky, Katie

doi:10.1145/3064814.3064823

Cited by 34 publications

(20 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, Okutan et al [33] included signals unrelated to the target network into the attack prediction method based on the Bayesian network. The signals are mentions of attacks on Twitter or the current number of attacks from Hackmageddon [51].…”

Section: B Bayesian Networkmentioning

confidence: 99%

“…However, such results were obtained when evaluating the approaches over datasets. When we take a look at methods evaluated on live network traffic, the prediction accuracies drop down to around 60-70 % [25], [33], [58], [63]. Some works show even worse results, which indicates that the prediction accuracy in practice is at the lower bounds.…”

Section: A Practical Implicationsmentioning

confidence: 99%

See 1 more Smart Citation

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

Husák

Komárková

Bou‐Harb

et al. 2019

IEEE Commun. Surv. Tutorials

216

110

View full text Add to dashboard Cite

This paper provides a survey of prediction, and forecasting methods used in cyber security. Four main tasks are discussed first, attack projection and intention recognition, in which there is a need to predict the next move or the intentions of the attacker, intrusion prediction, in which there is a need to predict upcoming cyber attacks, and network security situation forecasting, in which we project cybersecurity situation in the whole network. Methods and approaches for addressing these tasks often share the theoretical background and are often complementary. In this survey, both methods based on discrete models, such as attack graphs, Bayesian networks, and Markov models, and continuous models, such as time series and grey models, are surveyed, compared, and contrasted. We further discuss machine learning and data mining approaches, that have gained a lot of attention recently and appears promising for such a constantly changing environment, which is cyber security. The survey also focuses on the practical usability of the methods and problems related to their evaluation.

show abstract

Section: B Bayesian Networkmentioning

confidence: 99%

Section: A Practical Implicationsmentioning

confidence: 99%

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

Husák

Komárková

Bou‐Harb

et al. 2019

IEEE Commun. Surv. Tutorials

216

110

View full text Add to dashboard Cite

show abstract

“…The definition of log comprises not only information about the actions of the protected infrastructure, but also the analysis of social networks [11][10], like Twitter [9]; Dark Web [12], etc.…”

Section: Prediction Of a Cyberattack Based On The Categorization Of Tmentioning

confidence: 99%

Ontology-based Model for Security Assessment: Predicting Cyberattacks Through Threat Activity Analysis

Yermalovich

Mejri

2020

7th International Conference on Artificial Intelligence and Applications

View full text Add to dashboard Cite

show abstract

“…(Ramakrishnan and et al 2014) have shown the viability of using early indicators to forecast future civil unrest incidents. Built upon these premises, several other works (Tabassum et al 2016;Sliva and et al 2017;Maimon et al 2017;Babko-Malaya et al 2017;Almukaynizi et al 2017;Sapienza et al 2017;Okutan et al 2017b;Okutan et al 2017a) have shown promising uses of unconventional signals, that is, indirect observables from open source media instead of direct observables of the actual cyberattacks, to forecast cyber incidents. Recognizing the challenges of using unconventional signals as early indicators of future cyberattacks, this paper suggests a set of novel approaches to treat incomplete, insignificant and imbalanced data in the cyber security domain.…”

Section: Collect 258 Externally Measurable Featuresmentioning

confidence: 99%

“…These are potential 'unconventional' signals that may collectively present sufficient predictive power to forecast cyberattacks. Some recent works (Okutan et al 2017b;Maimon et al 2017;Babko-Malaya et al 2017;Sapienza et al 2017;Okutan et al 2018) provide preliminary analysis for the relevance of unconventional signals to forecast cyberattacks. However, extracting these signals from continuously growing big data in a meaningful way requires special treatment (L'Heureux et al 2017;Al-Jarrah et al 2015).…”

Section: Introductionmentioning

confidence: 99%

Forecasting cyberattacks with incomplete, imbalanced, and insignificant data

et al. 2018

Self Cite

View full text Add to dashboard Cite

Having the ability to forecast cyberattacks before they happen will unquestionably change the landscape of cyber warfare and cyber crime. This work predicts specific types of attacks on a potential victim network before the actual malicious actions take place. The challenge to forecasting cyberattacks is to extract relevant and reliable signals to treat sporadic and seemingly random acts of adversaries. This paper builds on multi-faceted machine learning solutions and develops an integrated system to transform large volumes of public data to aggregate signals with imputation that are relevant and predictive of cyber incidents. A comprehensive analysis of the individual parts and the integrated whole demonstrates the effectiveness and trade-offs of the proposed approach. Using 16-months of reported cyber incidents by an anonymized victim organization, the integrated approach achieves up to 87%, 90%, and 96% AUC for forecasting endpoint-malware, malicious-destination, and malicious-email attacks, respectively. When assessed month-by-month, the proposed approach shows robustness to perform consistently well, achieving F-Measure between 0.6 and 1.0. The framework also enables an examination of which unconventional signals are meaningful for cyberattack forecasting.

show abstract

Predicting cyber attacks with bayesian networks using unconventional signals

Cited by 34 publications

References 5 publications

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

Ontology-based Model for Security Assessment: Predicting Cyberattacks Through Threat Activity Analysis

Forecasting cyberattacks with incomplete, imbalanced, and insignificant data

Contact Info

Product

Resources

About