limitations that needed to be addressed to forecast cyber-attacks, such as the large number of different features, the non-constant frequency of measurements within a predetermined time period, and the distribution of the cyber-attacks over time.
To tackle these limitations, only features with a Spearman coefficient value of less than 95% were initially considered. Next, we set one minute as the time-step, and the new features were generated by taking only the maximum value of each feature within each minute. Then, in addition to the new features, the detected types of cyber-attacks were also used to forecast the next minute’s cyber-attacks. The RF algorithm was used to detect the type of cyber-attacks.
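
The preprocessing steps summarised above, as an added sketch that is not the authors' code: the greedy pairwise use of the 95% Spearman threshold on the absolute coefficient, the per-minute label rule, the record layout and all names (`select_features`, `per_minute_max`, `forecast_dataset`, `SAMPLE`) are assumptions, and the detected label stands in for the RF output.

```python
from collections import defaultdict

def ranks(v):
    # Average ranks; tied values share the mean of their positions.
    s = sorted(v)
    return [s.index(x) + (s.count(x) + 1) / 2 for x in v]

def spearman(x, y):
    rx, ry = ranks(x), ranks(y)
    mx, my = sum(rx) / len(rx), sum(ry) / len(ry)
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    var = sum((a - mx) ** 2 for a in rx) * sum((b - my) ** 2 for b in ry)
    return cov / var ** 0.5 if var else 0.0

def select_features(columns, threshold=0.95):
    # Keep a feature only if |rho| against every kept feature is below threshold.
    kept = []
    for name, values in columns.items():
        if all(abs(spearman(values, columns[k])) < threshold for k in kept):
            kept.append(name)
    return kept

def per_minute_max(records, features):
    # records: (epoch_seconds, {feature: value}, detected_label), irregularly spaced
    buckets = defaultdict(list)
    for ts, feats, label in records:
        buckets[ts // 60].append((feats, label))
    rows = []
    for minute, group in sorted(buckets.items()):
        row = {f: max(feats[f] for feats, _ in group) for f in features}
        attacks = [lab for _, lab in group if lab != "benign"]
        # Assumption: the minute takes its most frequent non-benign label.
        row["attack"] = max(sorted(set(attacks)), key=attacks.count) if attacks else "benign"
        rows.append((minute, row))
    return rows

def forecast_dataset(records, threshold=0.95):
    cols = {n: [f[n] for _, f, _ in records] for n in records[0][1]}
    rows = per_minute_max(records, select_features(cols, threshold))
    # Inputs from minute t, target = label of minute t+1; gaps are skipped.
    return [(a, b["attack"]) for (m, a), (n, b) in zip(rows, rows[1:]) if n == m + 1]

# Constructed sample: irregular flow records for one destination port.
SAMPLE = [
    (0,   {"pkts": 10, "bytes": 100, "dur": 5}, "benign"),
    (20,  {"pkts": 40, "bytes": 410, "dur": 2}, "benign"),
    (65,  {"pkts": 90, "bytes": 900, "dur": 9}, "dos"),
    (70,  {"pkts": 70, "bytes": 720, "dur": 1}, "dos"),
    (130, {"pkts": 20, "bytes": 230, "dur": 7}, "benign"),
    (250, {"pkts": 30, "bytes": 300, "dur": 3}, "benign"),
]
```

On the constructed sample, `bytes` is dropped because it is rank-identical to `pkts`, and the pair spanning the missing minute 3 is skipped rather than treated as consecutive.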
Finally, three ML methods (LSTM, MLP and LR) were utilised to provide forecasts for the next minute’s cyber-attacks. All methods performed well at both DPs that were considered (i.e., 80 and 22) on the four metrics: Acc., Prec., Rec. and F1-score. However, the LSTM method had the most robust performance, being able to forecast all types of cyber-attacks.
As a next step, the proposed framework will be extended to forecast cyber-attacks over the next several minutes. Moreover, it would be interesting to apply the proposed framework to real-life datasets of cyber-attack incidents, which would include more types of cyber-attacks occurring at the same time.
ACKNOWLEDGEMENTS
This research is part of a project that has received funding from the European Union’s Horizon 2020 research and innovation programme under AIDA (Grant Agreement No 883596).
Forecasting Cyber-Attacks to Destination Ports Using Machine Learning