Predictive Methods in Cyber Defense: Current Experience and Research Challenges
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F21%3A00120728" target="_blank" >RIV/00216224:14610/21:00120728 - isvavai.cz</a>
Alternative codes found
RIV/63839172:_____/20:10133295
Result on the web
<a href="https://www.sciencedirect.com/science/article/abs/pii/S0167739X20329836" target="_blank" >https://www.sciencedirect.com/science/article/abs/pii/S0167739X20329836</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.future.2020.10.006" target="_blank" >10.1016/j.future.2020.10.006</a>
Alternative languages
Result language
angličtina
Original language name
Predictive Methods in Cyber Defense: Current Experience and Research Challenges
Original language description
Predictive analysis allows next-generation cyber defense that is more proactive than current approaches based on intrusion detection. In this paper, we discuss various aspects of predictive methods in cyber defense and illustrate them on three examples of recent approaches. The first approach uses data mining to extract frequent attack scenarios and uses them to project ongoing cyberattacks. The second approach uses a dynamic network entity reputation score to predict malicious actors. The third approach uses time series analysis to forecast attack rates in the network. This paper presents a unique evaluation of the three distinct methods in a common environment of an intrusion detection alert sharing platform, which allows for a comparison of the approaches and illustrates the capabilities of predictive analysis for current and future research and cybersecurity operations. Our experiments show that all three methods achieved a sufficient technology readiness level for experimental deployment in an operational setting with promising accuracy and usability. Namely prediction and projection methods, despite their differences, are highly usable for predictive blacklisting, the first provides a more detailed output, and the second is more extensible. Network security situation forecasting is lightweight and displays very high accuracy, but does not provide details on predicted events.
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10200 - Computer and information sciences
Result continuities
Project
<a href="/en/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2021
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Name of the periodical
Future Generation Computer Systems
ISSN
0167-739X
e-ISSN
—
Volume of the periodical
115
Issue of the periodical within the volume
February
Country of publishing house
NL - THE KINGDOM OF THE NETHERLANDS
Number of pages
14
Pages from-to
517-530
UT code for WoS article
000591438900018
EID of the result in the Scopus database
2-s2.0-85092215125