EAI Endorsed Transactions on Security and Safety (Jun 2020)

Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study

  • Van Trieu-Do,
  • Richard Garcia-Lebron,
  • Maochao Xu,
  • Shouhuai Xu,
  • Yusheng Feng

DOI
https://doi.org/10.4108/eai.11-5-2021.169912
Journal volume & issue
Vol. 7, no. 25

Abstract

Read online

Causality is an intriguing concept that once tamed, can have many applications. While having been widely investigated in other domains, its relevance and usefulness in the cybersecurity domain has received little attention. In this paper, we present a systematic investigation of a particular approach to causality, known as Granger causality (G-causality), in cybersecurity. We propose a framework, dubbed Cybersecurity Granger Causality (CGC), for characterizing the presence of G-causality in cyber attack rate time series and for leveraging G-causality to predict (i.e., forecast) cyber attack rates. The framework offers a range of research questions, which can be adopted or adapted to study G-causality in other kinds of cybersecurity time series data. In order to demonstrate the usefulness of CGC, we present a case study by applying it to a particular cyber attack dataset collected at a honeypot. From this case study, we draw a number of insights into the usefulness and limitations of G-causality in the cybersecurity domain.

Keywords