Challenges in Forecasting Malicious Events from Incomplete Data. Tavabi, N., Abeliuk, A., Mokhberian, N., Abramson, J., & Lerman, K. In Companion Proceedings of the Web Conference 2020, of WWW '20, pages 603–610, New York, NY, USA, 2020. Association for Computing Machinery. Paper doi abstract bibtex 54 downloads The ability to accurately predict cyber-attacks would enable organizations to mitigate their growing threat and avert the financial losses and disruptions they cause. But how predictable are cyber-attacks? Researchers have attempted to combine external data – ranging from vulnerability disclosures to discussions on Twitter and the darkweb – with machine learning algorithms to learn indicators of impending cyber-attacks. However, successful cyber-attacks represent a tiny fraction of all attempted attacks: the vast majority are stopped, or filtered by the security appliances deployed at the target. As we show in this paper, the process of filtering reduces the predictability of cyber-attacks. The small number of attacks that do penetrate the target’s defenses follow a different generative process compared to the whole data which is much harder to learn for predictive models. This could be caused by the fact that the resulting time series also depends on the filtering process in addition to all the different factors that the original time series depended on. We empirically quantify the loss of predictability due to filtering using real-world data from two organizations. Our work identifies the limits to forecasting cyber-attacks from highly filtered data.
@inproceedings{10.1145/3366424.3385774,
author = {Tavabi, Nazgol and Abeliuk, Andr{\'{e}}s and Mokhberian, Negar and Abramson, Jeremy and Lerman, Kristina},
title = {Challenges in Forecasting Malicious Events from Incomplete Data},
year = {2020},
isbn = {9781450370240},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3366424.3385774},
doi = {10.1145/3366424.3385774},
abstract = {The ability to accurately predict cyber-attacks would enable organizations to mitigate their growing threat and avert the financial losses and disruptions they cause. But how predictable are cyber-attacks? Researchers have attempted to combine external data – ranging from vulnerability disclosures to discussions on Twitter and the darkweb – with machine learning algorithms to learn indicators of impending cyber-attacks. However, successful cyber-attacks represent a tiny fraction of all attempted attacks: the vast majority are stopped, or filtered by the security appliances deployed at the target. As we show in this paper, the process of filtering reduces the predictability of cyber-attacks. The small number of attacks that do penetrate the target’s defenses follow a different generative process compared to the whole data which is much harder to learn for predictive models. This could be caused by the fact that the resulting time series also depends on the filtering process in addition to all the different factors that the original time series depended on. We empirically quantify the loss of predictability due to filtering using real-world data from two organizations. Our work identifies the limits to forecasting cyber-attacks from highly filtered data.},
booktitle = {Companion Proceedings of the Web Conference 2020},
pages = {603–610},
numpages = {8},
keywords = {cyber-attack, permutation entropy, time-series, forecasting, predictability},
location = {Taipei, Taiwan},
series = {WWW '20}
}
Downloads: 54
{"_id":"JKJpd2bNdZpmXeSPr","bibbaseid":"tavabi-abeliuk-mokhberian-abramson-lerman-challengesinforecastingmaliciouseventsfromincompletedata-2020","authorIDs":["2GLrmqhwwX9DFA6ae","8bG2phDPwMEN4Fn2e","C7DSMcPmfoeLvgLYT","Drg2K3pHDbaTEHmzr","KEjdF5JaDrXypJDdN","LLe3HLrMLzuZrHzwL","Xn2jLRCmu2WFswgbq","YB2wHKSQPipMs37Qd","bCcdd57PL3aZJo8Kf","fFgp3BFgsg5gbsusx","fbwoK7T4JSHosNKvD","gH6n6PLTRJquTzLHo","jNh6k7CRkCsmZX4sA","jNsNuJ3gBGfiomQR2","oL6Psk6EbhaheCiKA","oxyx9Jygb7ffiLaS5","pK5vvoNPobHX36T4f","u2JeRXLiyTvjJcssD","xkNSc9eafqiZrSFcH","yAa4h6hovaoG9REaP","ztmPxkg2KFDSR6SbW"],"author_short":["Tavabi, N.","Abeliuk, A.","Mokhberian, N.","Abramson, J.","Lerman, K."],"bibdata":{"bibtype":"inproceedings","type":"inproceedings","author":[{"propositions":[],"lastnames":["Tavabi"],"firstnames":["Nazgol"],"suffixes":[]},{"propositions":[],"lastnames":["Abeliuk"],"firstnames":["Andrés"],"suffixes":[]},{"propositions":[],"lastnames":["Mokhberian"],"firstnames":["Negar"],"suffixes":[]},{"propositions":[],"lastnames":["Abramson"],"firstnames":["Jeremy"],"suffixes":[]},{"propositions":[],"lastnames":["Lerman"],"firstnames":["Kristina"],"suffixes":[]}],"title":"Challenges in Forecasting Malicious Events from Incomplete Data","year":"2020","isbn":"9781450370240","publisher":"Association for Computing Machinery","address":"New York, NY, USA","url":"https://doi.org/10.1145/3366424.3385774","doi":"10.1145/3366424.3385774","abstract":"The ability to accurately predict cyber-attacks would enable organizations to mitigate their growing threat and avert the financial losses and disruptions they cause. But how predictable are cyber-attacks? Researchers have attempted to combine external data – ranging from vulnerability disclosures to discussions on Twitter and the darkweb – with machine learning algorithms to learn indicators of impending cyber-attacks. However, successful cyber-attacks represent a tiny fraction of all attempted attacks: the vast majority are stopped, or filtered by the security appliances deployed at the target. As we show in this paper, the process of filtering reduces the predictability of cyber-attacks. The small number of attacks that do penetrate the target’s defenses follow a different generative process compared to the whole data which is much harder to learn for predictive models. This could be caused by the fact that the resulting time series also depends on the filtering process in addition to all the different factors that the original time series depended on. We empirically quantify the loss of predictability due to filtering using real-world data from two organizations. Our work identifies the limits to forecasting cyber-attacks from highly filtered data.","booktitle":"Companion Proceedings of the Web Conference 2020","pages":"603–610","numpages":"8","keywords":"cyber-attack, permutation entropy, time-series, forecasting, predictability","location":"Taipei, Taiwan","series":"WWW '20","bibtex":"@inproceedings{10.1145/3366424.3385774,\nauthor = {Tavabi, Nazgol and Abeliuk, Andr{\\'{e}}s and Mokhberian, Negar and Abramson, Jeremy and Lerman, Kristina},\ntitle = {Challenges in Forecasting Malicious Events from Incomplete Data},\nyear = {2020},\nisbn = {9781450370240},\npublisher = {Association for Computing Machinery},\naddress = {New York, NY, USA},\nurl = {https://doi.org/10.1145/3366424.3385774},\ndoi = {10.1145/3366424.3385774},\nabstract = {The ability to accurately predict cyber-attacks would enable organizations to mitigate their growing threat and avert the financial losses and disruptions they cause. But how predictable are cyber-attacks? Researchers have attempted to combine external data – ranging from vulnerability disclosures to discussions on Twitter and the darkweb – with machine learning algorithms to learn indicators of impending cyber-attacks. However, successful cyber-attacks represent a tiny fraction of all attempted attacks: the vast majority are stopped, or filtered by the security appliances deployed at the target. As we show in this paper, the process of filtering reduces the predictability of cyber-attacks. The small number of attacks that do penetrate the target’s defenses follow a different generative process compared to the whole data which is much harder to learn for predictive models. This could be caused by the fact that the resulting time series also depends on the filtering process in addition to all the different factors that the original time series depended on. We empirically quantify the loss of predictability due to filtering using real-world data from two organizations. Our work identifies the limits to forecasting cyber-attacks from highly filtered data.},\nbooktitle = {Companion Proceedings of the Web Conference 2020},\npages = {603–610},\nnumpages = {8},\nkeywords = {cyber-attack, permutation entropy, time-series, forecasting, predictability},\nlocation = {Taipei, Taiwan},\nseries = {WWW '20}\n}\n\n\n","author_short":["Tavabi, N.","Abeliuk, A.","Mokhberian, N.","Abramson, J.","Lerman, K."],"key":"10.1145/3366424.3385774","id":"10.1145/3366424.3385774","bibbaseid":"tavabi-abeliuk-mokhberian-abramson-lerman-challengesinforecastingmaliciouseventsfromincompletedata-2020","role":"author","urls":{"Paper":"https://doi.org/10.1145/3366424.3385774"},"keyword":["cyber-attack","permutation entropy","time-series","forecasting","predictability"],"metadata":{"authorlinks":{"lerman, k":"https://www.isi.edu/people-lerman/publications/"}},"downloads":54},"bibtype":"inproceedings","biburl":"https://bibbase.org/network/files/sqH46kqefRrzjMRgA","creationDate":"2020-04-15T14:51:30.194Z","downloads":54,"keywords":["cyber-attack","permutation entropy","time-series","forecasting","predictability"],"search_terms":["challenges","forecasting","malicious","events","incomplete","data","tavabi","abeliuk","mokhberian","abramson","lerman"],"title":"Challenges in Forecasting Malicious Events from Incomplete Data","year":2020,"dataSources":["Hvc9pNwWw2boxABn6","s6gd5K68AyhpXexMs","kxTAWhAJ5AEaGtDRP","KC3KdikWusMDAMjjq","z7QqF2A8ou3hfi75J","2RX7MNkKAsdgHwq9X","36wfufQoyHNKsSR88","W9wiZPEd3CMo9Zvyj","mQx34sdtPSKFkQLhg","wYLr8SBM4nf5YstZT","SEigQLgqEfQhiEw8m","wGK6ZauNs4mPREmZA","myJ9KFC5zXN4qYWpW","BS3GTx7Ge2xwwY8KW","9SkSjEhyTm6fqeDZF","6h4p3KcA7HgFLQpDk","jBaLf3eYjNGbA43MA","hzmGg9XcrhhzCFFLq"]}