Spatiotemporal Patterns and Predictability of Cyberattacks

@article{Chen2015SpatiotemporalPA,
  title={Spatiotemporal Patterns and Predictability of Cyberattacks},
  author={Yu-Zhong Chen and Zi-Gang Huang and Shouhuai Xu and Ying-Cheng Lai},
  journal={PLoS ONE},
  year={2015},
  volume={10}
}
A relatively unexplored issue in cybersecurity science and engineering is whether there exist intrinsic patterns of cyberattacks. Conventional wisdom favors absence of such patterns due to the overwhelming complexity of the modern cyberspace. Surprisingly, through a detailed analysis of an extensive data set that records the time-dependent frequencies of attacks over a relatively wide range of consecutive IP addresses, we successfully uncover intrinsic spatiotemporal patterns underlying… 
Identification of Spatio-Temporal Patterns in Cyber Security for Detecting the Signature Identity of Hacker
TLDR
These above patterns can uncover the hacker's attack “fingerprints” and target selection scheme by identifying the very limited pattern of unique spatiotemporal characteristics over the consecutive IP addresses.
Intrusion Detection Based on Spatiotemporal Characterization of Cyberattacks
TLDR
This work injects numerous known and possible unknown attacks comprising BCAs and shows how the system detects these attacks and how to locate the root causes based on the spatiotemporal patterns.
Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study
TLDR
A systematic investigation of a particular approach to causality, known as Granger causality (G-causality), in cybersecurity, and proposes a framework, dubbed Cybersecurity Granger Causality (CGC), for characterizing the presence of G-causality in cyber attack rate time series and for leveraging it to predict cyber attack rates.
Modeling and Predicting Cyber Hacking Breaches
TLDR
It is shown that, in contrast to the findings reported in the literature, both hacking breach incident inter-arrival times and breach sizes should be modeled by stochastic processes, rather than by distributions because they exhibit autocorrelations.
Predicting Global Trend of Cybersecurity on Continental Honeynets Using Vector Autoregression
TLDR
A statistical analysis is proposed to identify geospatial and temporal patterns in cyberattacks and to use this knowledge to predict future attack trends.
Seeking Foundations for the Science of Cyber Security
TLDR
The state of the art is that the authors are far from being capable of adequately dealing with many cyber attacks that go beyond the standard cryptographic threat models, such as attacks which can compromise cryptographic private keys by directly stealing memory pages.
Using analysis of temporal variances within a honeypot dataset to better predict attack type probability
TLDR
It is proposed that it is possible to determine the probability of differing attack types occurring at certain times of the day and automating this process to create dynamic and adaptive honeypots.
Malware in the Future? Forecasting Analyst Detection of Cyber Events
TLDR
The findings of systematicity in analyst-detected cyber attacks are consistent with previous work using other sources and may help with threat awareness by providing a probable value and range for future cyber events one week ahead.
The Spatial Analysis of the Malicious Uniform Resource Locators (URLs): 2016 Dataset Case Study
TLDR
This novel approach of studying cyber attacks from a spatial perspective provides an invaluable relative risk assessment for each type of cyber attack that originated from a particular country.

References

Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study
TLDR
The case study finds, for the first time, that long-range dependence (LRD) is exhibited by honeypot-captured cyber attacks and confirms that by exploiting the statistical properties, it is feasible to predict cyber attacks with good accuracy.
Visualizing cyber attacks using IP matrix
TLDR
A method for visualizing cyber threats using a 2-dimensional matrix representation of IP addresses is proposed; using this visualization framework, the propagation of the Welchia worm and the S.D worm is visualized.
Robustness of the Markov-chain model for cyber-attack detection
TLDR
This study provides some support for the idea that the Markov-chain technique might not be as robust as other intrusion-detection methods such as the chi-square distance test technique, although it can produce better performance when the noise level of the data is low, such as the Mill & Pascal data in this study.
Topological analysis of network attack vulnerability
TLDR
It is shown how attack graphs can be used to compute actual sets of hardening measures that guarantee the safety of given critical resources, and offer a promising solution for administrators to monitor and predict the progress of an intrusion, and take appropriate countermeasures in a timely manner.
Towards Situational Awareness of Large-Scale Botnet Probing Events
TLDR
This work investigates ways to analyze collections of malicious probing traffic in order to understand the significance of large-scale “botnet probes,” and designs schemes to extrapolate the global properties of scanning events as inferred from the limited local view of a honeynet.
A genetic epidemiology approach to cyber-security
TLDR
A methodology to associate services to threats inspired by the tools used in genetics to identify statistical associations between mutations and diseases is proposed, offering an automated high-throughput strategy to develop comprehensive metrics for cyber-security.
Internet attack knowledge discovery via clusters and cliques of attack traces
TLDR
A new notion, namely cliques of clusters, as an automated knowledge discovery method, is introduced, which provides some examples of the kind of information that these clusters can provide and addresses the limitations of the approach.
Attack plan recognition and prediction using causal networks
  • X. Qin, Wenke Lee
  • Computer Science
    20th Annual Computer Security Applications Conference
  • 2004
TLDR
The results demonstrate the capability of the proposed probabilistic inference approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.
Internet background radiation revisited
TLDR
This paper revisits the state of Internet "background radiation" through the lens of two unique data-sets: a five-year collection from a single unused /8 network block, and week-long collections from three recently allocated /8 network blocks.