• DocumentCode
    3399039
  • Title

    Predictive modeling for intrusions in communication systems using GARMA and ARMA models

  • Author

    Pillai, Thulasy Ramiah ; Abdullah, Azween ; Palaniappan, Sellappan ; Imran, Hafiz Muhammad

  • Author_Institution
    Fac. of Comput. & IT, Unitar Int. Univ., Petaling Jaya, Malaysia
  • fYear
    2015
  • fDate
    17-19 Feb. 2015
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    The strength of time series modeling is generally not used in almost all current intrusion detection and prevention systems. By having time series models, system administrators will be able to better plan resource allocation and system readiness to defend against malicious activities. In this paper, we address the knowledge gap by investigating the possible inclusion of statistical-based time series modeling that can be seamlessly integrated into existing cyber defense systems. Cyber-attack processes exhibit long range dependence, and in order to investigate such properties a new class of Generalized Autoregressive Moving Average (GARMA) can be used. In this paper, a GARMA (1,2;δ,1) model is fitted to cyber-attack data sets. Three different estimation methods are used to estimate the parameters. The Hannan-Rissanen Algorithm, Whittle Estimation Method and Maximum Likelihood Estimation methods are used to estimate the parameters of the GARMA (1,2;δ,1). Point forecasts to predict the attack rate, possibly hours ahead of time, have also been made, and the performance of the models and estimation methods is discussed. The investigation of the case-study will confirm that by exploiting the statistical properties, it is possible to predict cyber-attacks (at least in terms of attack rate) with good accuracy. This kind of forecasting capability would provide sufficient early-warning time for defenders to adjust their defense configurations or resource allocations.
  • Keywords
    autoregressive moving average processes; maximum likelihood estimation; resource allocation; security of data; time series; ARMA models; GARMA models; Hannan-Rissanen algorithm; Whittle estimation method; communication systems; cyber defense system; cyber-attack processes; generalized autoregressive moving average; intrusion detection systems; maximum likelihood estimation methods; parameter estimation; predictive modeling; resource allocation; time series modeling; Autoregressive processes; Computational modeling; Forecasting; Hidden Markov models; Maximum likelihood estimation; Predictive models; Communication Systems; Generalized Autoregressive Moving Average; Intrusion forecasting; Long range dependence; Predictive modeling;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Technology: Towards New Smart World (NSITNSW), 2015 5th National Symposium on
  • Conference_Location
    Riyadh
  • Print_ISBN
    978-1-4799-7625-6
  • Type

    conf

  • DOI
    10.1109/NSITNSW.2015.7176399
  • Filename
    7176399