Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence

Authors

  • Azween Bin Abdullah, Taylor's University
  • Thulasyammal Ramiah Pillai, Taylor's University
  • Long Zheng Cai, Unitar International University

Keywords:

Intrusion forecasting, Predictive modeling, Generalized Autoregressive Moving Average, Long range dependence

Abstract

The strength of time series modeling generally goes unused in almost all current intrusion detection and prevention systems. With time series models, system administrators will be able to better plan resource allocation and system readiness to defend against malicious activities. In this paper, we address this knowledge gap by investigating the possible inclusion of statistics-based time series modeling that can be seamlessly integrated into existing cyber defense systems. Cyber-attack processes exhibit long range dependence, and a new class of Generalized Autoregressive Moving Average (GARMA) models can be used to investigate such properties. In this paper, a GARMA (1, 1; 1, ±) model is fitted to cyber-attack data sets. Two different estimation methods are used. Point forecasts that predict the attack rate, possibly hours ahead of time, have also been produced, and the performance of the models and estimation methods is discussed. The investigation of the case study will confirm that, by exploiting the statistical properties, it is possible to predict cyber-attacks (at least in terms of attack rate) with good accuracy. This kind of forecasting capability would provide sufficient early-warning time for defenders to adjust their defense configurations or resource allocations.

Author Biographies

Thulasyammal Ramiah Pillai, Taylor's University

Thulasyammal is currently a senior academic at the School of Computing and IT, Taylor's University. Her research area is applied statistics.

Long Zheng Cai, Unitar International University

Cai Long Zheng is currently an assistant professor at the Faculty of Business and IT at Unitar International University. His research area is computer security.

Published

03.03.2015

How to Cite

Abdullah, A. B., Pillai, T. R., & Cai, L. Z. (2015). Intrusion Detection Forecasting Using Time Series for Improving Cyber Defence. International Journal of Intelligent Systems and Applications in Engineering, 3(1), 28–33. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/114

Section

Research Article