A methodology for malware incident prediction in higher education institutions

Date

2024-12-09

Authors

Souza, Rildo Antonio de

Abstract

With the growing threat of malware affecting global organizations, both public and private, it becomes necessary to develop innovative methods to improve the prevention and response to such security incidents. Infections caused by trojans, rapidly propagating worms, and ransomware that encrypts critical data demand robust responses due to the risks they pose to the integrity and availability of information. This work presents a methodology that leverages historical malware incident data to assist CSIRTs (Computer Security Incident Response Teams) and security teams in analyzing behavioral trends. The core of the method is a neural network model employing LSTM (Long Short-Term Memory) for time series analysis, aiming to predict future malware incidents. The model was tested in two distinct scenarios in Public Higher Education Institutions (HEIs) associated with the National Research and Education Network (RNP). In the first scenario, weekly data from 10 institutions were used to train the LSTM, comparing its effectiveness with the statistical ARIMA (Autoregressive Integrated Moving Average) technique. In the second scenario, the analysis was expanded to include all HEIs that are RNP clients, segmented by the Points of Presence (PoPs) in each Brazilian state, demonstrating the method's applicability and versatility in an extended context. For the development and evaluation of the methodology, real incident data were employed, enabling a detailed analysis of the performance of the LSTM and ARIMA models. The results obtained confirm the effectiveness of the proposed method in predicting malware incidents, emphasizing the creation and implementation of an LSTM model as the core activity. Moreover, the method incorporates a data visualization tool that simplifies the analysis and interpretation of information, facilitating the work of security analysts by translating predictions into clear and actionable insights. This combination of predictive accuracy and analytical accessibility significantly strengthens prevention and response strategies for incidents. As part of the commitment to the community, the developed method, along with the associated tools, will be made publicly available, aiming to support the development of new security solutions, improve proactive threat detection, and contribute to a more robust digital security ecosystem.

Keywords

Malware, Cybersecurity Incidents, Incident Forecasting, Higher Education Institutions (HEIs), Long Short-Term Memory (LSTM) Network, Time Series, Autoregressive Integrated Moving Average (ARIMA)