2021
Predictive Methods in Cyber Defense: Current Experience and Research Challenges
HUSÁK, Martin, Václav BARTOŠ, Pavol SOKOL a Andrej GAJDOŠZákladní údaje
Originální název
Predictive Methods in Cyber Defense: Current Experience and Research Challenges
Autoři
HUSÁK, Martin (203 Česká republika, garant, domácí), Václav BARTOŠ (203 Česká republika), Pavol SOKOL (703 Slovensko) a Andrej GAJDOŠ (703 Slovensko)
Vydání
Future Generation Computer Systems, Elsevier, 2021, 0167-739X
Další údaje
Jazyk
angličtina
Typ výsledku
Článek v odborném periodiku
Obor
10200 1.2 Computer and information sciences
Stát vydavatele
Nizozemské království
Utajení
není předmětem státního či obchodního tajemství
Odkazy
Impakt faktor
Impact factor: 7.307
Kód RIV
RIV/00216224:14610/21:00120728
Organizační jednotka
Ústav výpočetní techniky
UT WoS
000591438900018
Klíčová slova anglicky
Cybersecurity;Prediction;Forecasting;Data mining;Machine learning;Time series
Příznaky
Mezinárodní význam, Recenzováno
Změněno: 8. 1. 2021 18:53, RNDr. Martin Husák, Ph.D.
Anotace
V originále
Predictive analysis allows next-generation cyber defense that is more proactive than current approaches based on intrusion detection. In this paper, we discuss various aspects of predictive methods in cyber defense and illustrate them on three examples of recent approaches. The first approach uses data mining to extract frequent attack scenarios and uses them to project ongoing cyberattacks. The second approach uses a dynamic network entity reputation score to predict malicious actors. The third approach uses time series analysis to forecast attack rates in the network. This paper presents a unique evaluation of the three distinct methods in a common environment of an intrusion detection alert sharing platform, which allows for a comparison of the approaches and illustrates the capabilities of predictive analysis for current and future research and cybersecurity operations. Our experiments show that all three methods achieved a sufficient technology readiness level for experimental deployment in an operational setting with promising accuracy and usability. Namely prediction and projection methods, despite their differences, are highly usable for predictive blacklisting, the first provides a more detailed output, and the second is more extensible. Network security situation forecasting is lightweight and displays very high accuracy, but does not provide details on predicted events.
Návaznosti
EF16_019/0000822, projekt VaV |
|