The Impact Analysis of Modeling Errors for projecting cyber attacks

One of the important components in predicting a credible future for cyber-attacks is the use of the number of attacks. Therefore, any change in the number of attacks will lead to errors in calculating the probabilities. In this paper, the impact of missing alerts on the predictive performance of Variable Length Markov Model for projecting the cyber-attacks is studied. By developing a comprehensive experiment, the impacts 0f missing alerts on the prediction have been obtained by removing the alerts from different locations of the attack sequence in different states. The results of the experiment show that if missed alerts are from just one part of the sequence they will cause less change in prediction accuracy and if missed alerts are scattered throughout the entire sequence, they will cause more change. When the sequence has a smaller symbol space, relatively less change is occurred in prediction accuracy while having larger symbol space causes more change. Overall, the results represent the strengths and weakness of Variable-Length Markov Model in projecting cyber-attacks. Based on this error analysis, a network analyst can infer and assess the predictive performance of Variable Length Markov Model when intrusion detection system loses some of the alerts. This research is an important step in developing a comprehensive report to assist cyber-attacks analysts.