Abstract

Nowadays stream data, flowing over modern networks between disparate data sources, has become the norm. Broadband Internet, the Internet of Things (IoT) and cloud computing require analyzing data from streams to make data-driven decisions in real time. In today's world of increasingly complex and numerous network attacks, some of the most important data for these networks comes from network security (NS) tools, which ensure their secure and resilient operation and the uninterrupted provision of services to their users. At Gartner Data & Analytics Summit-2019, augmented analytics and data management, as well as continuous intelligence and explainable artificial intelligence, were named among the top trends in data and analytics technology that have significant disruptive potential over the next 3-5 years. In practice, the complexity of modern attack scenarios often makes it difficult for NS administrators to understand the current NS-related status and to recognize emerging attack patterns in a vast amount of raw data before they have a substantial impact. To benefit from NS-related stream data, businesses require powerful analytics tools for ingesting and processing it. There are four consecutive levels of analytics maturity: descriptive, diagnostic, predictive and prescriptive. In this paper, a simplified NS-related stream data architecture, suitable for predicting attacks against network assets and the services provided, is proposed. In turn, the MITRE ATT&CK Matrix is proposed as a source for developing Indicators of Compromise (IoCs) for attacks.
