Cyber weather forecasting: Forecasting unknown Internet worms using randomness analysis

Hyundo Park; Sung Oh David Jung; Heejo Lee; Hoh Peter In

doi:10.1007/978-3-642-30436-1_31

Cyber weather forecasting: Forecasting unknown Internet worms using randomness analysis

Hyundo Park, Sung Oh David Jung, Heejo Lee, Hoh Peter In

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

11 Citations (Scopus)

Abstract

Since early responses are crucial to reduce the damage from unknown Internet attacks, our first consideration while developing a defense mechanism can be on time efficiency and observing (and predicting) the change of network statuses, even at the sacrifice of accuracy. In the recent security field, it is an earnest desire that a new mechanism to predict unknown future Internet attacks needs to be developed. This motivates us to study forecasting toward future Internet atacks, which is referred to as CWF (Cyber Weather Forecasting). In this paper, in order to show that the principle of CWF can be realized in the real-world, we propose a forecasting mechanism called FORE (FOrecasting using REgression analysis) through the real-time analysis of the randomness in the network traffic. FORE responds against unknown worms 1.8 times faster than the early detection mechanism, named ADUR (Anomaly Detection Using Randomness check), that can detect the worm when only one percent of total number of vulnerable hosts are infected. Furthermore, FORE can give us timely information about the process of the change of the current network situation. Evaluation results demonstrate the prediction efficiency of the proposed mechanism, including the ability to predict worm behaviors starting from 0.03 percent infection. To our best knowledge, this is the first study to achieve the prediction of future Internet attacks.

Original language	English
Title of host publication	Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings
Pages	376-387
Number of pages	12
DOIs	https://doi.org/10.1007/978-3-642-30436-1_31
Publication status	Published - 2012
Event	27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012 - Heraklion, Crete, Greece Duration: 2012 Jun 4 → 2012 Jun 6

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	376 AICT
ISSN (Print)	1868-4238

Other

Other	27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012
Country/Territory	Greece
City	Heraklion, Crete
Period	12/6/4 → 12/6/6

Bibliographical note

Funding Information:
This work was partially supported by Seoul City R&BD program WR080951 and the National Research Foundation of Korea (NRF) grant funded by the Korean government (MEST) (2009-0086140).

Keywords

Forecasting
Internet worm
Randomness check
Regression analysis
Reliability check

ASJC Scopus subject areas

Information Systems and Management

Access to Document

10.1007/978-3-642-30436-1_31

Cite this

Park, H., Jung, S. O. D., Lee, H., & In, H. P. (2012). Cyber weather forecasting: Forecasting unknown Internet worms using randomness analysis. In Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings (pp. 376-387). (IFIP Advances in Information and Communication Technology; Vol. 376 AICT). https://doi.org/10.1007/978-3-642-30436-1_31

Cyber weather forecasting: Forecasting unknown Internet worms using randomness analysis. / Park, Hyundo; Jung, Sung Oh David; Lee, Heejo et al.
Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings. 2012. p. 376-387 (IFIP Advances in Information and Communication Technology; Vol. 376 AICT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Park, H, Jung, SOD, Lee, H & In, HP 2012, Cyber weather forecasting: Forecasting unknown Internet worms using randomness analysis. in Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings. IFIP Advances in Information and Communication Technology, vol. 376 AICT, pp. 376-387, 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, 12/6/4. https://doi.org/10.1007/978-3-642-30436-1_31

@inproceedings{5b3b1f13bcfc43f3bfc7937237ba31ee,

title = "Cyber weather forecasting: Forecasting unknown Internet worms using randomness analysis",

abstract = "Since early responses are crucial to reduce the damage from unknown Internet attacks, our first consideration while developing a defense mechanism can be on time efficiency and observing (and predicting) the change of network statuses, even at the sacrifice of accuracy. In the recent security field, it is an earnest desire that a new mechanism to predict unknown future Internet attacks needs to be developed. This motivates us to study forecasting toward future Internet atacks, which is referred to as CWF (Cyber Weather Forecasting). In this paper, in order to show that the principle of CWF can be realized in the real-world, we propose a forecasting mechanism called FORE (FOrecasting using REgression analysis) through the real-time analysis of the randomness in the network traffic. FORE responds against unknown worms 1.8 times faster than the early detection mechanism, named ADUR (Anomaly Detection Using Randomness check), that can detect the worm when only one percent of total number of vulnerable hosts are infected. Furthermore, FORE can give us timely information about the process of the change of the current network situation. Evaluation results demonstrate the prediction efficiency of the proposed mechanism, including the ability to predict worm behaviors starting from 0.03 percent infection. To our best knowledge, this is the first study to achieve the prediction of future Internet attacks.",

keywords = "Forecasting, Internet worm, Randomness check, Regression analysis, Reliability check",

author = "Hyundo Park and Jung, {Sung Oh David} and Heejo Lee and In, {Hoh Peter}",

note = "Funding Information: This work was partially supported by Seoul City R&BD program WR080951 and the National Research Foundation of Korea (NRF) grant funded by the Korean government (MEST) (2009-0086140).; 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012 ; Conference date: 04-06-2012 Through 06-06-2012",

year = "2012",

doi = "10.1007/978-3-642-30436-1_31",

language = "English",

isbn = "9783642304354",

series = "IFIP Advances in Information and Communication Technology",

pages = "376--387",

booktitle = "Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings",

}

TY - GEN

T1 - Cyber weather forecasting

T2 - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012

AU - Park, Hyundo

AU - Jung, Sung Oh David

AU - Lee, Heejo

AU - In, Hoh Peter

N1 - Funding Information: This work was partially supported by Seoul City R&BD program WR080951 and the National Research Foundation of Korea (NRF) grant funded by the Korean government (MEST) (2009-0086140).

PY - 2012

Y1 - 2012

N2 - Since early responses are crucial to reduce the damage from unknown Internet attacks, our first consideration while developing a defense mechanism can be on time efficiency and observing (and predicting) the change of network statuses, even at the sacrifice of accuracy. In the recent security field, it is an earnest desire that a new mechanism to predict unknown future Internet attacks needs to be developed. This motivates us to study forecasting toward future Internet atacks, which is referred to as CWF (Cyber Weather Forecasting). In this paper, in order to show that the principle of CWF can be realized in the real-world, we propose a forecasting mechanism called FORE (FOrecasting using REgression analysis) through the real-time analysis of the randomness in the network traffic. FORE responds against unknown worms 1.8 times faster than the early detection mechanism, named ADUR (Anomaly Detection Using Randomness check), that can detect the worm when only one percent of total number of vulnerable hosts are infected. Furthermore, FORE can give us timely information about the process of the change of the current network situation. Evaluation results demonstrate the prediction efficiency of the proposed mechanism, including the ability to predict worm behaviors starting from 0.03 percent infection. To our best knowledge, this is the first study to achieve the prediction of future Internet attacks.

AB - Since early responses are crucial to reduce the damage from unknown Internet attacks, our first consideration while developing a defense mechanism can be on time efficiency and observing (and predicting) the change of network statuses, even at the sacrifice of accuracy. In the recent security field, it is an earnest desire that a new mechanism to predict unknown future Internet attacks needs to be developed. This motivates us to study forecasting toward future Internet atacks, which is referred to as CWF (Cyber Weather Forecasting). In this paper, in order to show that the principle of CWF can be realized in the real-world, we propose a forecasting mechanism called FORE (FOrecasting using REgression analysis) through the real-time analysis of the randomness in the network traffic. FORE responds against unknown worms 1.8 times faster than the early detection mechanism, named ADUR (Anomaly Detection Using Randomness check), that can detect the worm when only one percent of total number of vulnerable hosts are infected. Furthermore, FORE can give us timely information about the process of the change of the current network situation. Evaluation results demonstrate the prediction efficiency of the proposed mechanism, including the ability to predict worm behaviors starting from 0.03 percent infection. To our best knowledge, this is the first study to achieve the prediction of future Internet attacks.

KW - Forecasting

KW - Internet worm

KW - Randomness check

KW - Regression analysis

KW - Reliability check

UR - http://www.scopus.com/inward/record.url?scp=84863931485&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-30436-1_31

DO - 10.1007/978-3-642-30436-1_31

M3 - Conference contribution

AN - SCOPUS:84863931485

SN - 9783642304354

T3 - IFIP Advances in Information and Communication Technology

SP - 376

EP - 387

BT - Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings

Y2 - 4 June 2012 through 6 June 2012

ER -

Cyber weather forecasting: Forecasting unknown Internet worms using randomness analysis

Abstract

Publication series

Other

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this