Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

This paper provides a survey of prediction and forecasting methods used in cyber security. Four main tasks are discussed first: attack projection and intention recognition, in which there is a need to predict the next move or the intentions of the attacker; intrusion prediction, in which there is a need to predict upcoming cyber attacks; and network security situation forecasting, in which the cyber security situation of the whole network is projected. Methods and approaches for addressing these tasks often share a theoretical background and are often complementary. In this survey, both methods based on discrete models, such as attack graphs, Bayesian networks, and Markov models, and methods based on continuous models, such as time series and grey models, are surveyed, compared, and contrasted. We further discuss machine learning and data mining approaches, which have gained a lot of attention recently and appear promising for such a constantly changing environment as cyber security. The survey also focuses on the practical usability of the methods and on problems related to their evaluation.
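The abstract names Markov models as one of the discrete models used for attack projection, i.e. predicting the attacker's next move from the stages observed so far. The following is an added illustration, not code from the survey or from any of the works it covers: a first-order Markov chain estimated from a handful of constructed alert-stage sequences (the stage names and sequences are invented for the example), used to rank the most likely next stage, to project the most likely remaining path, and to score how plausible an observed partial sequence is under the trained model.

```python
from collections import Counter, defaultdict

# Constructed training data (not from the survey): each list is the sequence of
# alert categories seen in one earlier multi-stage incident, in time order.
TRAINING_SEQUENCES = [
    ["recon", "scan", "exploit", "privesc", "exfil"],
    ["recon", "scan", "exploit", "lateral", "exfil"],
    ["scan", "exploit", "privesc", "lateral", "exfil"],
    ["recon", "scan", "bruteforce", "exploit", "privesc", "exfil"],
    ["scan", "bruteforce", "bruteforce", "exploit", "lateral"],
]

END = "<end>"  # artificial terminal state so sequence ends are learned too


def train_markov(sequences):
    """Estimate first-order transition probabilities P(next | current)
    by counting consecutive stage pairs; each sequence is terminated by END."""
    counts = defaultdict(Counter)
    for seq in sequences:
        for cur, nxt in zip(seq, seq[1:] + [END]):
            counts[cur][nxt] += 1
    model = {}
    for cur, nxt_counts in counts.items():
        total = sum(nxt_counts.values())
        model[cur] = {n: c / total for n, c in nxt_counts.items()}
    return model


def project_next(model, current, k=3):
    """Return the k most likely next stages after `current`, as (stage, p)
    pairs sorted by descending probability (ties broken by name).
    A stage never seen in training yields an empty list."""
    dist = model.get(current, {})
    return sorted(dist.items(), key=lambda kv: (-kv[1], kv[0]))[:k]


def project_path(model, start, horizon):
    """Greedy most-likely continuation from `start`, at most `horizon` steps,
    stopping early when END or an unknown stage is the best successor."""
    path = [start]
    cur = start
    for _ in range(horizon):
        best = project_next(model, cur, k=1)
        if not best or best[0][0] == END:
            break
        cur = best[0][0]
        path.append(cur)
    return path


def sequence_probability(model, observed):
    """Probability of an observed stage sequence under the model (product of
    the transition probabilities); a transition never seen in training gives 0,
    which is a useful signal that the sequence is unlike past incidents."""
    p = 1.0
    for cur, nxt in zip(observed, observed[1:]):
        p *= model.get(cur, {}).get(nxt, 0.0)
    return p


MODEL = train_markov(TRAINING_SEQUENCES)

if __name__ == "__main__":
    print("after 'scan':", project_next(MODEL, "scan"))
    print("projected path from 'recon':", project_path(MODEL, "recon", 10))
    print("P(recon, scan, exploit):", sequence_probability(MODEL, ["recon", "scan", "exploit"]))
```

In practice the transition table would be estimated from many correlated alert sequences rather than five, and a variable-length or hidden Markov model (both of which the survey discusses) would be used where the next stage depends on more than the single most recent one; the ranking, projection and scoring steps stay the same.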
