Title :
Time Series Analysis for Cyberthreat Detection and Prevention
Author :
Chirosca, Alecsandru ; Chirosca, Gianina
Author_Institution :
Dept. of Nucl. Phys., Univ. of Bucharest, Bucharest, Romania
Abstract :
IT infrastructure exposed to Internet for a period of time, will inevitably expose it to attacks with viruses (worms or trojans). Our current available methods are known not to be full-proof for their prevention and in the worst case the detection of computer system with unauthorized (remote) access. This paper proposes and extended method, applying time series techniques while evaluating the network transfer data. The proposed method tries to improve the detection of abnormal network activity, thus providing a better trigger for other more costly solutions. The downside of this approach is that the system must be informed about changes in networks services and content and still needs a lot of data to be collected in order to provide accurate results. Correlated with netflow® LAN data, the method can be used to identify network stations that are infected with viruses not detected by the installed antivirus solution or stations with compromised security systems.
Keywords :
Internet; authorisation; computer network security; computer viruses; local area networks; time series; Internet; abnormal network activity detection; compromised security systems; cyberthreat detection; cyberthreat prevention; netflow LAN data; network stations; network transfer data; time series analysis; trojans; unauthorized remote access; viruses; worms; Fourier Transform; LAN monitoring; Wavelet transform; cyberthreat; datacenter administration; timeseries analysis;
Conference_Titel :
Developments in eSystems Engineering (DeSE), 2013 Sixth International Conference on
Conference_Location :
Abu Dhabi
Print_ISBN :
978-1-4799-5263-2
DOI :
10.1109/DeSE.2013.49
