Time Series Analysis for Cyberthreat Detection and Prevention

Author

Chirosca, Alecsandru ; Chirosca, Gianina

Author_Institution

Dept. of Nucl. Phys., Univ. of Bucharest, Bucharest, Romania

fYear

2013

Firstpage

231

Lastpage

235

Abstract

IT infrastructure exposed to Internet for a period of time, will inevitably expose it to attacks with viruses (worms or trojans). Our current available methods are known not to be full-proof for their prevention and in the worst case the detection of computer system with unauthorized (remote) access. This paper proposes and extended method, applying time series techniques while evaluating the network transfer data. The proposed method tries to improve the detection of abnormal network activity, thus providing a better trigger for other more costly solutions. The downside of this approach is that the system must be informed about changes in networks services and content and still needs a lot of data to be collected in order to provide accurate results. Correlated with netflow® LAN data, the method can be used to identify network stations that are infected with viruses not detected by the installed antivirus solution or stations with compromised security systems.

Keywords

Internet; authorisation; computer network security; computer viruses; local area networks; time series; Internet; abnormal network activity detection; compromised security systems; cyberthreat detection; cyberthreat prevention; netflow LAN data; network stations; network transfer data; time series analysis; trojans; unauthorized remote access; viruses; worms; Fourier Transform; LAN monitoring; Wavelet transform; cyberthreat; datacenter administration; timeseries analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Developments in eSystems Engineering (DeSE), 2013 Sixth International Conference on

Conference_Location

Abu Dhabi

ISSN

2161-1343

Print_ISBN

978-1-4799-5263-2

Type

conf

DOI

10.1109/DeSE.2013.49

Filename

7041122