Time Series Analysis for Cyberthreat Detection and Prevention

Abstract

IT infrastructure exposed to Internet for a period of time, will inevitably expose it to attacks with viruses (worms or trojans). Our current available methods are known not to be full-proof for their prevention and in the worst case the detection of computer system with unauthorized (remote) access. This paper proposes and extended method, applying time series techniques while evaluating the network transfer data. The proposed method tries to improve the detection of abnormal network activity, thus providing a better trigger for other more costly solutions. The downside of this approach is that the system must be informed about changes in networks services and content and still needs a lot of data to be collected in order to provide accurate results. Correlated with netflow® LAN data, the method can be used to identify network stations that are infected with viruses not detected by the installed antivirus solution or stations with compromised security systems.