Cyber weather forecasting: Forecasting unknown Internet worms using randomness analysis

Hyundo Park, Sung Oh David Jung, Heejo Lee, Hoh In

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

Since early responses are crucial to reduce the damage from unknown Internet attacks, our first consideration while developing a defense mechanism can be on time efficiency and observing (and predicting) the change of network statuses, even at the sacrifice of accuracy. In the recent security field, it is an earnest desire that a new mechanism to predict unknown future Internet attacks needs to be developed. This motivates us to study forecasting toward future Internet attacks, which is referred to as CWF (Cyber Weather Forecasting). In this paper, in order to show that the principle of CWF can be realized in the real-world, we propose a forecasting mechanism called FORE (FOrecasting using REgression analysis) through the real-time analysis of the randomness in the network traffic. FORE responds against unknown worms 1.8 times faster than the early detection mechanism, named ADUR (Anomaly Detection Using Randomness check), that can detect the worm when only one percent of total number of vulnerable hosts are infected. Furthermore, FORE can give us timely information about the process of the change of the current network situation. Evaluation results demonstrate the prediction efficiency of the proposed mechanism, including the ability to predict worm behaviors starting from 0.03 percent infection. To our best knowledge, this is the first study to achieve the prediction of future Internet attacks.

Original language: English
Title of host publication: IFIP Advances in Information and Communication Technology
Pages: 376-387
Number of pages: 12
Volume: 376 AICT
DOIs: https://doi.org/10.1007/978-3-642-30436-1_31
Publication status: Published - 2012 Jul 23
Event: 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012 - Heraklion, Crete, Greece
Duration: 2012 Jun 4 to 2012 Jun 6

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 376 AICT
ISSN (Print): 18684238

Other

Other: 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012
Country: Greece
City: Heraklion, Crete
Period: 12/6/4 to 12/6/6

Fingerprint

Randomness
World Wide Web
Weather
Attack
Prediction
Infection
Damage
Evaluation
Regression analysis
Anomaly detection

Keywords

  • Forecasting
  • Internet worm
  • Randomness check
  • Regression analysis
  • Reliability check

ASJC Scopus subject areas

  • Information Systems and Management

Cite this

Park, H., Jung, S. O. D., Lee, H., & In, H. (2012). Cyber weather forecasting: Forecasting unknown Internet worms using randomness analysis. In IFIP Advances in Information and Communication Technology (Vol. 376 AICT, pp. 376-387). (IFIP Advances in Information and Communication Technology; Vol. 376 AICT). https://doi.org/10.1007/978-3-642-30436-1_31

@inproceedings{5b3b1f13bcfc43f3bfc7937237ba31ee,
title = "Cyber weather forecasting: Forecasting unknown Internet worms using randomness analysis",
abstract = "Since early responses are crucial to reduce the damage from unknown Internet attacks, our first consideration while developing a defense mechanism can be on time efficiency and observing (and predicting) the change of network statuses, even at the sacrifice of accuracy. In the recent security field, it is an earnest desire that a new mechanism to predict unknown future Internet attacks needs to be developed. This motivates us to study forecasting toward future Internet attacks, which is referred to as CWF (Cyber Weather Forecasting). In this paper, in order to show that the principle of CWF can be realized in the real-world, we propose a forecasting mechanism called FORE (FOrecasting using REgression analysis) through the real-time analysis of the randomness in the network traffic. FORE responds against unknown worms 1.8 times faster than the early detection mechanism, named ADUR (Anomaly Detection Using Randomness check), that can detect the worm when only one percent of total number of vulnerable hosts are infected. Furthermore, FORE can give us timely information about the process of the change of the current network situation. Evaluation results demonstrate the prediction efficiency of the proposed mechanism, including the ability to predict worm behaviors starting from 0.03 percent infection. To our best knowledge, this is the first study to achieve the prediction of future Internet attacks.",
keywords = "Forecasting, Internet worm, Randomness check, Regression analysis, Reliability check",
author = "Hyundo Park and Jung, {Sung Oh David} and Heejo Lee and Hoh In",
year = "2012",
month = "7",
day = "23",
doi = "10.1007/978-3-642-30436-1_31",
language = "English",
isbn = "9783642304354",
volume = "376 AICT",
series = "IFIP Advances in Information and Communication Technology",
pages = "376--387",
booktitle = "IFIP Advances in Information and Communication Technology",

}

TY - GEN

T1 - Cyber weather forecasting

T2 - Forecasting unknown Internet worms using randomness analysis

AU - Park, Hyundo

AU - Jung, Sung Oh David

AU - Lee, Heejo

AU - In, Hoh

PY - 2012/7/23

Y1 - 2012/7/23

AB - Since early responses are crucial to reduce the damage from unknown Internet attacks, our first consideration while developing a defense mechanism can be on time efficiency and observing (and predicting) the change of network statuses, even at the sacrifice of accuracy. In the recent security field, it is an earnest desire that a new mechanism to predict unknown future Internet attacks needs to be developed. This motivates us to study forecasting toward future Internet attacks, which is referred to as CWF (Cyber Weather Forecasting). In this paper, in order to show that the principle of CWF can be realized in the real-world, we propose a forecasting mechanism called FORE (FOrecasting using REgression analysis) through the real-time analysis of the randomness in the network traffic. FORE responds against unknown worms 1.8 times faster than the early detection mechanism, named ADUR (Anomaly Detection Using Randomness check), that can detect the worm when only one percent of total number of vulnerable hosts are infected. Furthermore, FORE can give us timely information about the process of the change of the current network situation. Evaluation results demonstrate the prediction efficiency of the proposed mechanism, including the ability to predict worm behaviors starting from 0.03 percent infection. To our best knowledge, this is the first study to achieve the prediction of future Internet attacks.

KW - Forecasting

KW - Internet worm

KW - Randomness check

KW - Regression analysis

KW - Reliability check

UR - http://www.scopus.com/inward/record.url?scp=84863931485&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84863931485&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-30436-1_31

DO - 10.1007/978-3-642-30436-1_31

M3 - Conference contribution

AN - SCOPUS:84863931485

SN - 9783642304354

VL - 376 AICT

T3 - IFIP Advances in Information and Communication Technology

SP - 376

EP - 387

BT - IFIP Advances in Information and Communication Technology

ER -