Quantitive Time Series Analysis of Malware and Vulnerability Trends [PPT]

The presentation will present the results from a study of Malware trends and show that time series analysis is a valid method of predicting trends in malicious code incidents. The results have applications to operational risk in general and further development of models and risk engines is warranted from the findings. To effectively protect against attacks to the computers systems and network architecture, we need to understand the threats and to be able to create predictive models for them. Viruses, worms, malware and represent a staple in the Information Security Professional.s daily routine.

So far, little emphasis has been placed on the formal quantitative analysis of the intelligence for the purpose of risk and threat management. The creation of Quantitative Risk models in Information Systems Security is a field in its infancy. The prediction of threats is oft touted as being too difficult due to a shortage of data and the costs associated with collecting an analysing data for a site.

In research employed ARIMA models to forecast short-term malware trends. The numbers of incidents are modelled and the incident data are input into the software package for future analysis. Monthly trend patterns are derived from statistic procedure. Although it is widely touted in the industry and by anti-malware vendors, it is demonstrated that the seasonal effects of malicious code incidents were found not to be significant in developing our models.