IDS 3G — Third generation for intrusion detection: Applying forecasts and return on security investment to cope with unwanted traffic

Abstract

The methods for Intrusion Detection Systems (IDS) are based on identification and prevention of attacks and threats to computer systems, but there are few studies concerning forecasting approaches. Similarly to other sciences (e.g. seismology, meteorology, and economics) in which extent efforts are done for forecasts, trend analysis could also be employed in information security field. The aim of this paper is to present the challenges in employing forecasting approaches which could be aggregated to traditional ROSI techniques in IDS. In this study, trend analysis is based on moving averages and Fibonacci sequence. Tests applied upon two datasets (DARPA, KDD) indicate that the applied techniques define incidents trends; therefore, forecasting approach may be complementary to ROSI methods.