Using honeynet data and a time series to predict the number of cyber attacks

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F61988987%3A17310%2F21%3AA2202A72" target="_blank" >RIV/61988987:17310/21:A2202A72 - isvavai.cz</a>

Výsledek na webu

<a href="http://www.doiserbia.nb.rs/Article.aspx?ID=1820-02142100040Z" target="_blank" >http://www.doiserbia.nb.rs/Article.aspx?ID=1820-02142100040Z</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.2298/CSIS200715040Z" target="_blank" >10.2298/CSIS200715040Z</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Using honeynet data and a time series to predict the number of cyber attacks

Popis výsledku v původním jazyce

A large number of cyber attacks are commonly conducted against home computers, mobile7devices, as well as servers providing various services. One such prominently attacked service, or a pro-8tocol in this case, is the Secure Shell (SSH) used to gain remote access to manage systems. Besides hu-9man attackers, botnets are a major source of attacks on SSH servers. Tools such as honeypots allow an10effective means of recording and analysing such attacks.However, is it also possible to use them to ef-11fectively predict these attacks? The prediction of SSH attacks, specifically the prediction of activity on12certain subjects, such as autonomous systems, will be beneficial to system administrators, internet ser-13vice providers, and CSIRT teams. This article presents multiple methods for using a time series, based14on real-world data,to predict these attacks. It focuses on the overall prediction of attacks on the hon-15eynet and the prediction of attacks from specific geographical regions. Multiple approaches are used,16such as ARIMA, SARIMA, GARCH, and Bootstrapping. The article presents the viability, precision and17usefulness of the individual approaches for various areas of IT security.

Název v anglickém jazyce

Using honeynet data and a time series to predict the number of cyber attacks

Popis výsledku anglicky

A large number of cyber attacks are commonly conducted against home computers, mobile7devices, as well as servers providing various services. One such prominently attacked service, or a pro-8tocol in this case, is the Secure Shell (SSH) used to gain remote access to manage systems. Besides hu-9man attackers, botnets are a major source of attacks on SSH servers. Tools such as honeypots allow an10effective means of recording and analysing such attacks.However, is it also possible to use them to ef-11fectively predict these attacks? The prediction of SSH attacks, specifically the prediction of activity on12certain subjects, such as autonomous systems, will be beneficial to system administrators, internet ser-13vice providers, and CSIRT teams. This article presents multiple methods for using a time series, based14on real-world data,to predict these attacks. It focuses on the overall prediction of attacks on the hon-15eynet and the prediction of attacks from specific geographical regions. Multiple approaches are used,16such as ARIMA, SARIMA, GARCH, and Bootstrapping. The article presents the viability, precision and17usefulness of the individual approaches for various areas of IT security.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Computer Science and Information Systems

ISSN

1820-0214

e-ISSN

2406-1018

Svazek periodika

18

Číslo periodika v rámci svazku

4

Stát vydavatele periodika

RS - Srbská republika

Počet stran výsledku

17

Strana od-do

1197-1217

Kód UT WoS článku

000718010500006

EID výsledku v databázi Scopus

2-s2.0-85118940819