NANOG Meeting Presentation Abstract

Cloudy with a chance of Breach: Forecasting Cyber Security Incidents
Meeting:	NANOG65
Date / Time:	2015-10-07 10:30am - 11:00am
Room:	Le Grand Salon & Marquette
Presenters:	Speakers: Manish Karir, QuadMetrics Manish Karir has been an active participant in the NANOG community since 2005. He is a frequent presenter at NANOG and over the past 10 years has had the opportunity to present over 11 times on a wide variety of topics including, BGP analysis tools, traffic analysis and visualization tools, darknet traffic research, IRR enhancements, network reputation and RBL analysis, IPv4 address sharing techniques, and cybersecurity posture metrics. His research interests include Internet measurement studies, and large scale network data collection and analysis. Manish is currently the Chief Technology Officer at QuadMetrics.
Abstract:	[This work will first appear at the USENIX Security Symposium in August] In this presentation we characterize the extent to which cyber security incidents, such as those referenced by Verizon in its annual Data Breach Investigations Reports (DBIR), can be predicted based on externally observable properties of an organization’s network. We seek to proactively forecast an organization’s likelihood of a security incident. To accomplish this goal, we collect 258 externally measurable features about an organization’s network from two main categories: mismanagement symptoms, such as misconfigured DNS or BGP within a network, and malicious activity time series, which include spam, phishing, and scanning activity sourced from these organizations. Using these features we train and test a Random Forest (RF) classifier against more than 1,000 incident reports taken from the VERIS community database, Hackmageddon, and the Web Hacking Incidents Database that occurred between mid-2013 and the end of 2014. The resulting classifier is able to achieve a 90% True Positive (TP) rate, a 10% False Positive (FP) rate, and an overall 90% accuracy.
Files:	Cloudy with a chance of Breach(PDF) Cloudy with a chance of Breach: Forecasting Cyber Security Incidents
Sponsors:	None.

Back to NANOG65 agenda.

NANOG65 Abstracts

• Show All

• Conference Opening
  Speakers:
  Tony Tauber, Comcast; Christian S. TacitTorIX; .
  Philippe Couture, Videotron; Clinton Work, TELUS;

• Conference Opening
  Speakers:
  Tony Tauber, Comcast; Christian S. TacitTorIX; .
  Philippe Couture, Videotron; Clinton Work, TELUS;

• Conference Opening
  Speakers:
  Tony Tauber, Comcast; Christian S. TacitTorIX; .
  Philippe Couture, Videotron; Clinton Work, TELUS;

• Conference Opening
  Speakers:
  Tony Tauber, Comcast; Christian S. TacitTorIX; .
  Philippe Couture, Videotron; Clinton Work, TELUS;

• NANOG 65 Keynote Address
  Speakers:
  Jack Waters, Level3 Communications;

• Your Bitcoins or Your Site: An Analysis of the DDoS for Bitcoins (DD4BC) DDoS Extortion Campaign.
  Speakers:
  Roland Dobbins, Arbor Networks;

• The many uses of NetFlow and flow-like data
  Speakers:
  Avi Freedman, Kentik;

• NANOG Board Candidates
  Moderators:
  William CharnockPacketFabric; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• Data Center Track
  Moderators:
  Gabe Cole, RTE Group, Inc.;

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• NetDevOps - Ansible 101 to network nirvana
  Speakers:
  Bronwyn Lewis, Packet Clearing House; Matt Peterson, Cumulus Networks;

• NetDevOps - Ansible 101 to network nirvana
  Speakers:
  Bronwyn Lewis, Packet Clearing House; Matt Peterson, Cumulus Networks;

• Demystifying Pros & Cons of large Scale BGP RR deployments
  Speakers:
  rohit bothra, Brocade Communications;

• DDoS Tutorial
  Speakers:
  Krassimir Tzvetanov, A10 Networks, Inc.;

• Security Track
  Speakers:
  Krassimir Tzvetanov, A10 Networks, Inc.;

• Wi-Fi: Fundamentals, Design and Troubleshooting
  Speakers:
  Troy Martin, Aerohive Networks;

• 10 Weird (and Possibly Useful) Things You Didn't Know about International Networks
  Speakers:
  Tim Stronge, TeleGeography;

• Monitor BGP using open source OpenBMP and Apache Kafka
  Speakers:
  Tim Evens, Cisco;

• Building a smallish DC...for the rest of us
  Speakers:
  Karl Brumund, Dyn;

• Running MPLS efficiently in ring networks
  Speakers:
  Ravi Singh, Juniper Networks;

• BGPuma -- Border Gateway Protocol Update Metric Analysis
  Speakers:
  Leigh Metcalf, CERT;

• Whack-a-Mole Routing: The effects of ISP Traffic Engineering on Non-ISP Networks
  Speakers:
  Rick Casarez, Salesforce;

• Distributed Route Aggregation on the Global Network (DRAGON)
  Speakers:
  João Luís Sobrinho, Instituto de Telecomunicações, University of Lisbon;

• Cloudy with a chance of Breach: Forecasting Cyber Security Incidents
  Speakers:
  Manish Karir, QuadMetrics;

• Optimal routing vs. Route Reflector VNF - reconcile the fire with water
  Speakers:
  Rafal Szarecki, Juniper Networks;

• The future of North American Regional BCOP
  Speakers:
  Aaron Hughes6connect; .
  Chris Grundemann.
  

• The future of North American Regional BCOP
  Speakers:
  Aaron Hughes6connect; .
  Chris Grundemann.
  

• Lightning Talks
  Speakers:
  NANOG Lightning TalksNANOG Community; .
  

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Strategies of packet buffering inside Routers
  Speakers:
  Rafal Szarecki, Juniper Networks;

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Proactive Network Configuration Validation with Batfish
  Speakers:
  Todd MillsteinUniversity of California, Los Angeles; .
  ratul mahajanmicrosoft research; .
  Ari Fogel, UCLA; Meg Walraed-SullivanSpace Exploration Technologies; .
  

• Proactive Network Configuration Validation with Batfish
  Speakers:
  Todd MillsteinUniversity of California, Los Angeles; .
  ratul mahajanmicrosoft research; .
  Ari Fogel, UCLA; Meg Walraed-SullivanSpace Exploration Technologies; .
  

• Proactive Network Configuration Validation with Batfish
  Speakers:
  Todd MillsteinUniversity of California, Los Angeles; .
  ratul mahajanmicrosoft research; .
  Ari Fogel, UCLA; Meg Walraed-SullivanSpace Exploration Technologies; .
  

• Proactive Network Configuration Validation with Batfish
  Speakers:
  Todd MillsteinUniversity of California, Los Angeles; .
  ratul mahajanmicrosoft research; .
  Ari Fogel, UCLA; Meg Walraed-SullivanSpace Exploration Technologies; .
  

• Deploying IPv6 at Scale as an ISP
  Speakers:
  Clinton Work, TELUS;

• Closing Remarks
  Speakers:
  Betty Burke, NANOG Executive Director;