CR, Mar 26, 2018

Forecasting Cyber Attacks with Imbalanced Data Sets and Different Time Granularities

arXiv:1803.09560v1, 3 citations
Originality: Incremental advance
AI Analysis

This work addresses the challenge of forecasting cyber incidents for organizations. The advance is incremental: it builds on existing methods with specific improvements.

The paper tackles the problem of predicting cyber attacks using unconventional signals from various data sources with different time granularities, and develops a novel minority class oversampling technique for imbalanced datasets, achieving better performance than existing filtering techniques.

If cyber incidents are predicted a reasonable amount of time before they occur, defensive actions to prevent their destructive effects could be planned. Unfortunately, most of the time we do not have enough observables of the malicious activities before they are already under way. Therefore, this work suggests using unconventional signals extracted from various data sources with different time granularities to predict cyber incidents for target entities. A Bayesian network is used to predict cyber attacks where the unconventional signals are used as indicative random variables. This work also develops a novel minority class oversampling technique to improve cyber attack prediction on imbalanced data sets. The results show that depending on the selected time granularity, the unconventional signals are able to predict cyber attacks for the anonymized target organization even though the signals are not explicitly related to that organization. Furthermore, the minority oversampling approach developed achieves better performance compared to the existing filtering techniques in the literature.
