Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

Security analytics for real-time forecasting of cyberattacks

Javed, Amir ORCID: https://orcid.org/0000-0001-9761-0945, Lakoju, Mike, Burnap, Peter ORCID: https://orcid.org/0000-0003-0396-633X and Rana, Omer ORCID: https://orcid.org/0000-0003-3597-2646 2022. Security analytics for real-time forecasting of cyberattacks. Software: Practice and Experience 52 (3) , pp. 788-804. 10.1002/spe.2822

Full text: PDF - Accepted Post-Print Version (4MB)

Abstract

Protection of networked computing infrastructures (such as the Internet of Things, Industrial Control Systems and Edge computing) depends on continuous monitoring of the interaction between such devices and network/Cloud-based hosts (especially in Industry 4.0 environments). This real-time monitoring enables an analyst to quantify evolving and emerging threats to such network infrastructures. A framework is proposed for identifying patterns in observed cyberthreats and using these patterns to forecast the growth of an emerging threat to network infrastructure. The framework predicts the maximum threat intensity and the time period over which this maximum intensity is likely to occur. It integrates: (i) continuous monitoring of device/network activity, (ii) forecasting behaviour using exponentially weighted moving averages, (iii) Fibonacci retracement for estimating the potential intensity of a cyberattack, and (iv) linear regression for predicting the response time available before high-risk thresholds are reached, together with a machine learning strategy to predict potential risk over a pre-defined time window. Applying this approach to real-world network activity data, the time interval between the forecast and the actual attack can be measured. The results show an average lead time of around 1.75 hours, providing a window of opportunity to limit the impact of an attack and counter it.
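To make the forecasting steps of the abstract concrete, the following is an added toy example in the spirit of the framework (steps ii to iv). It is not the authors' code and does not reproduce their results: the hourly event counts are constructed, and the smoothing factor, Fibonacci ratios, regression window, threshold and alert horizon are all assumed values chosen for illustration, since the paper's own parameters are not given on this page. The example smooths a rising series of suspicious connection counts with an EWMA, fits a line through the most recent smoothed points to project when a high-risk threshold will be crossed, uses a Fibonacci extension of the observed low-to-high move as a candidate peak intensity, and replays the series to measure the lead time between the first alert and the hour the raw counts actually reach the threshold.

```python
"""Toy security-analytics pipeline in the spirit of the framework the abstract
describes. Added illustration only: this is NOT the paper's code, and the
smoothing factor, Fibonacci ratios, regression window, threshold and horizon
are assumed values, not ones reported by the authors."""

# Constructed sample (not real-world data): hourly counts of blocked connection
# attempts from one monitored device to a single external host.
HOURLY_EVENTS = [4, 5, 4, 6, 5, 7, 9, 12, 16, 22, 30, 41, 55, 74]

# Assumed ratios; the paper's exact retracement levels are not given on this page.
FIB_RATIOS = (0.236, 0.382, 0.5, 0.618, 1.0)


def ewma(series, alpha=0.5):
    """Exponentially weighted moving average (step ii). alpha is assumed."""
    smooth, s = [], series[0]
    for x in series:
        s = alpha * x + (1 - alpha) * s
        smooth.append(s)
    return smooth


def fib_levels(swing_low, swing_high, ratios=FIB_RATIOS):
    """Fibonacci retracement levels (below the swing high) and extension levels
    (above it) for the move swing_low -> swing_high (step iii)."""
    move = swing_high - swing_low
    retracements = {r: swing_high - r * move for r in ratios}
    extensions = {r: swing_high + r * move for r in ratios}
    return retracements, extensions


def potential_intensity(series, ratio=0.618):
    """Candidate peak the current surge may reach: the extension of the observed
    low-to-high move at `ratio` (an assumed reading of step iii)."""
    _, ext = fib_levels(min(series), max(series), ratios=(ratio,))
    return ext[ratio]


def linear_fit(xs, ys):
    """Ordinary least-squares slope and intercept (step iv)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    slope = sxy / sxx
    return slope, my - slope * mx


def hours_to_threshold(series, threshold, window=4, alpha=0.5):
    """Fit a line through the last `window` EWMA points and project when it
    crosses `threshold`. Returns hours after the last sample, 0.0 if the
    projection is already past, or None when the trend is flat or falling
    (no forecast is issued in that case)."""
    smooth = ewma(series, alpha)
    xs = list(range(len(smooth)))[-window:]
    slope, intercept = linear_fit(xs, smooth[-window:])
    if slope <= 0:
        return None
    now = len(series) - 1
    t_cross = (threshold - intercept) / slope
    return max(0.0, t_cross - now)


def lead_time(series, threshold, window=4, alpha=0.5, horizon=6):
    """Replay the series hour by hour, raise the first alert whose projected
    crossing lies within `horizon` hours, and compare it with the hour the raw
    counts actually reach `threshold`. Returns (alert_hour, actual_hour, lead)."""
    actual = next((i for i, v in enumerate(series) if v >= threshold), None)
    for now in range(window - 1, len(series)):
        eta = hours_to_threshold(series[: now + 1], threshold, window, alpha)
        if eta is not None and eta <= horizon:
            lead = None if actual is None else actual - now
            return now, actual, lead
    return None, actual, None


if __name__ == "__main__":
    alert, actual, lead = lead_time(HOURLY_EVENTS, threshold=50)
    print(f"alert at hour {alert}, threshold reached at hour {actual}, lead {lead} h")
    if alert is not None:
        peak = potential_intensity(HOURLY_EVENTS[: alert + 1])
        print(f"projected peak intensity at alert time: {peak:.1f} events/hour")
```

The lead time reported by `lead_time` is the quantity the abstract's 1.75-hour figure refers to: the gap between the hour an alert is raised from extrapolated trend and the hour the raw activity actually crosses the high-risk threshold. Note that a flat or falling trend yields no forecast rather than a spurious one, and that the EWMA lags the raw counts, so the alert comes from the regression's extrapolation, not from the smoothed value itself exceeding the threshold.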

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Publisher: Wiley
ISSN: 0038-0644
Funders: Engineering and Physical Sciences Research Council (EPSRC)
Date of First Compliant Deposit: 19 February 2020
Date of Acceptance: 19 February 2020
Last Modified: 06 Nov 2023 15:18
URI: https://orca.cardiff.ac.uk/id/eprint/129830

Citation Data

Cited 3 times in Scopus.
