I2TS 01 Forecasting for Return on Security Information Investment: New Approach on Trends in Intrusion Detection and Unwanted Internet Traffic (I2TS 01 Forecasting for Return on Security Information Investment: New Approach on Trends in Intrusion Detection and Unwanted Internet Traffic)

Elvis Pontes (elvis@pontes.inf.br)1, Adilson Eduardo Guelfi (guelfi@lsi.usp.br)2, Edson Alonso (ealonso@lsi.usp.br)3


1Instituto de Pesquisas Tecnológicas de São Paulo
2Instituto de Pesquisas Tecnológicas de São
3Laboratório de Pesquisas de Sistemas Integrados da Escola Politécnica de São Paulo

This paper appears in: Revista IEEE América Latina

Publication Date: Aug. 2009
Volume: 7,   Issue: 4 
ISSN: 1548-0992


Abstract:
The methods used to determine the Return on Security Investment (ROSI) concern historic incidents' analysis, cost avoidance resulting from resistance, recognition and reconstitution efforts. Although some ROSI methods consider security incidents' likelihood, they don't approach studies about forecasts and trends of incidents or unwanted events. Likewise other sciences (seismology, meteorology, vulcanology, and economics) in which extent efforts are done for forecasts, information technology and information security may analyze tendencies, as Internet traffic and intrusion detection trends. The aim of this paper is to show a forecasting approach which could be aggregated to common ROSI methods. In this study, forecasting approach is based on two trend techniques: moving averages and Fibonacci sequence ‑ for security incidents with intrusion detection system (IDS) and unwanted Internet traffic. Tests applied over two datasets (DARPA, KDD), with an IDS, showed that the employed techniques define incidents trends; therefore, forecasting approach may be complementary to ROSI methods

Index Terms:
Fibonacci sequence, forecasting, intrusion detection, moving average, Return on security investment (ROSI), unwanted Internet traffic   


Documents that cite this document
This function is not implemented yet.


[PDF Full-Text (627)]