Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study
Causality is an intriguing concept that once tamed, can have many applications. While having been widely investigated in other domains, its relevance and usefulness in the cybersecurity domain has received little attention. In this paper, we present a systematic investigation of a particular approac...
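Main Authors: | Van Trieu-Do, Richard Garcia-Lebron, Maochao Xu, Shouhuai Xu, Yusheng Feng |
---|---|
Format: | Article |
Language: | English |
Published: | European Alliance for Innovation (EAI), 2020-06-01 |
Series: | EAI Endorsed Transactions on Security and Safety |
Subjects: | granger causality; causality; cyber attack forecasting; cyber attack rate; time series |
Online Access: | https://eudl.eu/pdf/10.4108/eai.11-5-2021.169912 |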
_version_ | 1819289887015174144 |
---|---|
author | Van Trieu-Do; Richard Garcia-Lebron; Maochao Xu; Shouhuai Xu; Yusheng Feng |
author_sort | Van Trieu-Do |
collection | DOAJ |
description | Causality is an intriguing concept that once tamed, can have many applications. While having been widely investigated in other domains, its relevance and usefulness in the cybersecurity domain has received little attention. In this paper, we present a systematic investigation of a particular approach to causality, known as Granger causality (G-causality), in cybersecurity. We propose a framework, dubbed Cybersecurity Granger Causality (CGC), for characterizing the presence of G-causality in cyber attack rate time series and for leveraging G-causality to predict (i.e., forecast) cyber attack rates. The framework offers a range of research questions, which can be adopted or adapted to study G-causality in other kinds of cybersecurity time series data. In order to demonstrate the usefulness of CGC, we present a case study by applying it to a particular cyber attack dataset collected at a honeypot. From this case study, we draw a number of insights into the usefulness and limitations of G-causality in the cybersecurity domain. |
first_indexed | 2024-12-24T03:13:59Z |
format | Article |
id | doaj.art-6f378f6f59ff4c4d8854e6246ef55d96 |
institution | Directory Open Access Journal |
issn | 2032-9393 |
language | English |
last_indexed | 2024-12-24T03:13:59Z |
publishDate | 2020-06-01 |
publisher | European Alliance for Innovation (EAI) |
record_format | Article |
series | EAI Endorsed Transactions on Security and Safety |
spelling | doaj.art-6f378f6f59ff4c4d8854e6246ef55d96; 2022-12-21T17:17:41Z; eng; European Alliance for Innovation (EAI); EAI Endorsed Transactions on Security and Safety; 2032-9393; 2020-06-01; 725; 10.4108/eai.11-5-2021.169912; Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study; Van Trieu-Do (Department of Mechanical Engineering, University of Texas at San Antonio, USA); Richard Garcia-Lebron (Department of Computer Science, University of Texas at San Antonio, USA); Maochao Xu (Department of Mathematics, Illinois State University, USA); Shouhuai Xu (Department of Computer Science, University of Colorado Colorado Springs, USA); Yusheng Feng (Department of Mechanical Engineering, University of Texas at San Antonio, USA); https://eudl.eu/pdf/10.4108/eai.11-5-2021.169912; granger causality; causality; cyber attack forecasting; cyber attack rate; time series |
title | Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study |
topic | granger causality; causality; cyber attack forecasting; cyber attack rate; time series |
url | https://eudl.eu/pdf/10.4108/eai.11-5-2021.169912 |