Cardiff University
Browse
- No file added yet -

Risk Score data for Cyberattacks

Download (27.47 kB)

Our (measurement-based) study is based on malicious network traffic observed by the Palo Alto Networks' Wildfire system. The log files containing malicious traffic instances of 144 consecutive hours were preprocessed to extract information about threats, their categories, severity levels, occurrence time and the targeted software applications, which were then grouped on an hourly basis in terms of threat occurrence time. The collected malicious traffic data has more than 400,000 instances with 278 unique threats targeting 90 different software applications with 5 distinct severity levels (informational, low, medium, high and critical).

We considered the two most frequently occurring threats during the considered time period, which formed 95.67% of the total observed threats. These threats were: i) MS-RDP Brute-Force Attempt (RDP) - which targets Microsoft's Remote Desktop Protocol to remotely access windows servers and desktops by trying several commonly used username and passwords, thus, following a brute-force method to gain unauthorized access to remote systems. MS-RDP is widely used in many Cloud-based deployments to provide remote desktop access to users, based on servers hosted within a data centre; ii)  Android Package File (Android) - distributed using a drive-by download mechanism and targeting Android-based devices, performing the malware-based actions on the device and leaving them more vulnerable to further sophisticated attacks;

Having identified the two most frequently occurring threats we have associated a time unit t with the Risk Score to calculate risk score at a given time instance. The time granularity for this study has been considered as an hour. We calculate Risk Score, associated with a particular threat, λ at time t represented as Riskλ(t) using the following equation:

Riskλ(t)=∑n=1i(Prα(n)|λ(t)∗sev)∗Wsev

The resultant dataset contains three columns, the date, hour and risk score for the threat.

Research results based upon these data are published at http://doi.org/10.1002/spe.2822



Funding

New Industrial Systems: Chatty Factories

Engineering and Physical Sciences Research Council

Find out more...

Identifying and Modelling Victim, Business, Regulatory and Malware Behaviours in a Changing Cyberthreat Landscape

Engineering and Physical Sciences Research Council

Find out more...

History

Usage metrics

    School of Computer Science and Informatics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC