Fibonacci sequence and EWMA for intrusion forecasting system

Availability and reliability from information systems have been threatened by intrusions and Unwanted Internet Traffic (UIT). To protect systems from UIT, it is desirable developing techniques that detect and forecast UIT. Intending to improve intrusion detection, in our earlier work we proposed an approach to cope with UIT in a proactive manner, using forecasting techniques combined with Return on Security Investment (ROSI). In this paper we examine the applicability of a cooperative architecture regarding forecasts of UIT on a more complex set-up, with hosts associated with sites geographically divided. The aim of this paper is to detail the employment of EWMA and Fibonacci forecasting techniques covering three major gaps of current prediction techniques concerning UIT: sensors employment, the use of just one prediction technique and forecasts´ sharing. A proof of concept of such architecture is presented, which allows concluding about the improvement in forecasts for IDS to deal with UIT.