Predictive Methods in Cyber Defense: Current Experience and
Research Challenges

J 2021

Predictive Methods in Cyber Defense: Current Experience and Research Challenges

HUSÁK, Martin, Václav BARTOŠ, Pavol SOKOL a Andrej GAJDOŠ

Základní údaje

Originální název

Predictive Methods in Cyber Defense: Current Experience and Research Challenges

Autoři

HUSÁK, Martin (203 Česká republika, garant, domácí), Václav BARTOŠ (203 Česká republika), Pavol SOKOL (703 Slovensko) a Andrej GAJDOŠ (703 Slovensko)

Vydání

Future Generation Computer Systems, Elsevier, 2021, 0167-739X

Další údaje

Jazyk

angličtina

Typ výsledku

Článek v odborném periodiku

Obor

10200 1.2 Computer and information sciences

Stát vydavatele

Nizozemské království

Utajení

není předmětem státního či obchodního tajemství

Odkazy

URL

Impakt faktor

Impact factor: 7.307

Kód RIV

RIV/00216224:14610/21:00120728

Organizační jednotka

Ústav výpočetní techniky

DOI

http://dx.doi.org/10.1016/j.future.2020.10.006

UT WoS

000591438900018

Klíčová slova anglicky

Cybersecurity;Prediction;Forecasting;Data mining;Machine learning;Time series

Štítky

J-D1, rivok

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 8. 1. 2021 18:53, RNDr. Martin Husák, Ph.D.

Anotace

V originále

Predictive analysis allows next-generation cyber defense that is more proactive than current approaches based on intrusion detection. In this paper, we discuss various aspects of predictive methods in cyber defense and illustrate them on three examples of recent approaches. The first approach uses data mining to extract frequent attack scenarios and uses them to project ongoing cyberattacks. The second approach uses a dynamic network entity reputation score to predict malicious actors. The third approach uses time series analysis to forecast attack rates in the network. This paper presents a unique evaluation of the three distinct methods in a common environment of an intrusion detection alert sharing platform, which allows for a comparison of the approaches and illustrates the capabilities of predictive analysis for current and future research and cybersecurity operations. Our experiments show that all three methods achieved a sufficient technology readiness level for experimental deployment in an operational setting with promising accuracy and usability. Namely prediction and projection methods, despite their differences, are highly usable for predictive blacklisting, the first provides a more detailed output, and the second is more extensible. Network security situation forecasting is lightweight and displays very high accuracy, but does not provide details on predicted events.

Návaznosti

EF16_019/0000822, projekt VaV

Název: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

Přiložené soubory

2021-FGCS-Predictive-methods-in-cyber-defense.pdf

Vyhledat podobné dokumenty

Citovat

HUSÁK, Martin, Václav BARTOŠ, Pavol SOKOL a Andrej GAJDOŠ. Predictive Methods in Cyber Defense: Current Experience and Research Challenges. Future Generation Computer Systems. Elsevier, 2021, roč. 115, February, s. 517-530. ISSN 0167-739X. Dostupné z: https://dx.doi.org/10.1016/j.future.2020.10.006.

@article{1682977,
   author = {Husák, Martin and Bartoš, Václav and Sokol, Pavol and Gajdoš, Andrej},
   article_number = {February},
   doi = {http://dx.doi.org/10.1016/j.future.2020.10.006},
   keywords = {Cybersecurity;Prediction;Forecasting;Data mining;Machine learning;Time series},
   language = {eng},
   issn = {0167-739X},
   journal = {Future Generation Computer Systems},
   title = {Predictive Methods in Cyber Defense: Current Experience and Research Challenges},
   url = {https://www.sciencedirect.com/science/article/abs/pii/S0167739X20329836},
   volume = {115},
   year = {2021}
}

TY  - JOUR
ID  - 1682977
AU  - Husák, Martin - Bartoš, Václav - Sokol, Pavol - Gajdoš, Andrej
PY  - 2021
TI  - Predictive Methods in Cyber Defense: Current Experience and Research Challenges
JF  - Future Generation Computer Systems
VL  - 115
IS  - February
SP  - 517-530
EP  - 517-530
PB  - Elsevier
SN  - 0167739X
KW  - Cybersecurity;Prediction;Forecasting;Data mining;Machine learning;Time series
UR  - https://www.sciencedirect.com/science/article/abs/pii/S0167739X20329836
L2  - https://www.sciencedirect.com/science/article/abs/pii/S0167739X20329836
N2  - Predictive analysis allows next-generation cyber defense that is more proactive than current approaches based on intrusion detection. In this paper, we discuss various aspects of predictive methods in cyber defense and illustrate them on three examples of recent approaches. The first approach uses data mining to extract frequent attack scenarios and uses them to project ongoing cyberattacks. The second approach uses a dynamic network entity reputation score to predict malicious actors. The third approach uses time series analysis to forecast attack rates in the network. This paper presents a unique evaluation of the three distinct methods in a common environment of an intrusion detection alert sharing platform, which allows for a comparison of the approaches and illustrates the capabilities of predictive analysis for current and future research and cybersecurity operations. Our experiments show that all three methods achieved a sufficient technology readiness level for experimental deployment in an operational setting with promising accuracy and usability. Namely prediction and projection methods, despite their differences, are highly usable for predictive blacklisting, the first provides a more detailed output, and the second is more extensible. Network security situation forecasting is lightweight and displays very high accuracy, but does not provide details on predicted events.
ER  -

HUSÁK, Martin, Václav BARTOŠ, Pavol SOKOL a Andrej GAJDOŠ. Predictive Methods in Cyber Defense: Current Experience and Research Challenges. \textit{Future Generation Computer Systems}. Elsevier, 2021, roč.~115, February, s.~517-530. ISSN~0167-739X. Dostupné z: https://dx.doi.org/10.1016/j.future.2020.10.006.

Podrobný výpis o publikaci