Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems
Session: 1
Room: Park Tower 8219
Cyanea Van Trieu_Do - University of Texas at San Antonio
Co-Author(s): Richard Garcia, University, San Antonio, TX
Cybersecurity deals with the protection of internet-connected systems, including hardware, software, and data, from cyberattacks. Most hackers use malicious logic to exploit vulnerabilities in networks and gain unauthorized access to computer systems. For this reason, it is vitally important to find attack patterns and predict attackers' behavior. The hypothesis is that the time series of cyberattacks on a subnet A may correlate with that on a subnet B, which provides a basis for designing protection methodology.
The goal of this project is to identify and predict cyberattack patterns in IPv4 address space [1]. In this presentation, we describe a multi-level method to analyze cyberattack data and compute subnet connectivity using the Multivariate Granger Causality (MVGC) Matlab toolbox, which implements the Vector Autoregressive (VAR) model [2,3].
The data were collected from the honeypot residing on the campus of the University of Texas at San Antonio. The number of attacks for each subnet in IP space was recorded per day for six months. By applying the proposed method, we analyze causal connections between subnets in the time series dataset. The connection results for every seven days are then visualized and analyzed with the Gephi (https://gephi.org) and Muxviz (http://muxviz.net) visualization tools as multilayer networks to identify the change in connections at each subnet.
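An added example of the causal-connection step described above, not code from the project or the MVGC toolbox: it runs pairwise lag-1 VAR Granger F-tests in plain Python (a simpler bivariate stand-in for the toolbox's conditional multivariate test) over the full six-month span and returns the directed subnet edges. The subnet names, the daily counts and the F threshold are constructed assumptions for illustration.

```python
import random

def ols_rss(X, y):
    """Residual sum of squares of the least-squares fit y ~ X (normal equations)."""
    k = len(X[0])
    # Augmented matrix [X'X | X'y], reduced by Gauss-Jordan with partial pivoting.
    A = [[sum(r[i] * r[j] for r in X) for j in range(k)]
         + [sum(r[i] * t for r, t in zip(X, y))] for i in range(k)]
    for c in range(k):
        p = max(range(c, k), key=lambda r: abs(A[r][c]))
        A[c], A[p] = A[p], A[c]
        for r in range(k):
            if r != c:
                f = A[r][c] / A[c][c]
                A[r] = [x - f * z for x, z in zip(A[r], A[c])]
    beta = [A[i][k] / A[i][i] for i in range(k)]
    return sum((t - sum(b * v for b, v in zip(beta, r))) ** 2 for r, t in zip(X, y))

def granger_f(src, dst, lag=1):
    """F statistic for 'past of src improves the VAR(lag) prediction of dst'."""
    n = len(dst)
    y = dst[lag:]
    restricted = [[1.0] + [dst[t - l] for l in range(1, lag + 1)] for t in range(lag, n)]
    full = [row + [src[t - l] for l in range(1, lag + 1)]
            for row, t in zip(restricted, range(lag, n))]
    rss_r, rss_f = ols_rss(restricted, y), ols_rss(full, y)
    dof = len(y) - (2 * lag + 1)
    return ((rss_r - rss_f) / lag) / (rss_f / dof)

def causal_edges(series, threshold, lag=1):
    """Directed edges (src, dst) whose F statistic exceeds the threshold."""
    return [(s, d) for s in series for d in series
            if s != d and granger_f(series[s], series[d], lag) > threshold]

def constructed_counts(days=180, seed=7):
    """Constructed daily attack counts: subnet B echoes subnet A one day later."""
    rng = random.Random(seed)
    a = [50 + 40 * rng.random() for _ in range(days)]
    b = [60.0] + [20 + 0.8 * a[t - 1] + 5 * rng.random() for t in range(1, days)]
    c = [30 + 40 * rng.random() for _ in range(days)]
    return {"A": a, "B": b, "C": c}

if __name__ == "__main__":
    # Threshold 20 is far above the roughly 3.9 needed at the 5% level for F(1, 176).
    print(causal_edges(constructed_counts(), threshold=20.0))
```

The returned edge list is the kind of directed adjacency data that a graph tool can load as one network layer.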
As a result of the analysis of the large collected dataset, a mathematical model is established to predict the patterns and connections of each subnet in the next time steps. The conclusion is that the ability to predict the next patterns in IP address space can reduce the number of attacks by applying prevention methodology ahead of time. This project promises an improvement in network attack prevention. The future direction is to develop an efficient computational framework so that the prediction can be carried out in real time.
Funder Acknowledgement(s): NSF/HRD #1736209
Faculty Advisor: Yusheng Feng, yusheng.feng@utsa.edu
Role: My part started with analyzing causal connections between subnets in the time series dataset. The connection results of every seven days are then visualized and analyzed by the Gephi and Muxviz visualization tools as multilayer networks to identify the change in connection at each subnet. As a result of the analysis of the large collected dataset, the mathematical model is established to predict the patterns and connections of each subnet in the next time steps.