sesa 20(25): e4

Research Article

Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study

Download43 downloads
  • @ARTICLE{10.4108/eai.11-5-2021.169912,
        author={Van Trieu-Do and Richard Garcia-Lebron and Maochao Xu and Shouhuai Xu and Yusheng Feng},
        title={Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={7},
        number={25},
        publisher={EAI},
        journal_a={SESA},
        year={2021},
        month={5},
        keywords={Granger Causality, Causality, Cyber Attack Forecasting, Cyber Attack Rate, Time Series},
        doi={10.4108/eai.11-5-2021.169912}
    }
    
  • Van Trieu-Do
    Richard Garcia-Lebron
    Maochao Xu
    Shouhuai Xu
    Yusheng Feng
    Year: 2021
    Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study
    SESA
    EAI
    DOI: 10.4108/eai.11-5-2021.169912
Van Trieu-Do1, Richard Garcia-Lebron2, Maochao Xu3, Shouhuai Xu4,*, Yusheng Feng1
  • 1: Department of Mechanical Engineering, University of Texas at San Antonio, USA
  • 2: Department of Computer Science, University of Texas at San Antonio, USA
  • 3: Department of Mathematics, Illinois State University, USA
  • 4: Department of Computer Science, University of Colorado Colorado Springs, USA
*Contact email: sxu@uccs.edu

Abstract

Causality is an intriguing concept that once tamed, can have many applications. While having been widely investigated in other domains, its relevance and usefulness in the cybersecurity domain has received little attention. In this paper, we present a systematic investigation of a particular approach to causality, known as Granger causality (G-causality), in cybersecurity. We propose a framework, dubbed Cybersecurity Granger Causality (CGC), for characterizing the presence of G-causality in cyber attack rate time series and for leveraging G-causality to predict (i.e., forecast) cyber attack rates. The framework offers a range of research questions, which can be adopted or adapted to study G-causality in other kinds of cybersecurity time series data. In order to demonstrate the usefulness of CGC, we present a case study by applying it to a particular cyber attack dataset collected at a honeypot. From this case study, we draw a number of insights into the usefulness and limitations of G-causality in the cybersecurity domain.