Chapter 9

Applying a Predictive Methodology: From Principles to Practice

To this point, the book has presented an introduction to the many facets of predicting malicious behavior. We have covered individual and group modeling, as well as examples of individual and group malicious behavior. Although some of the high points of modeling malicious behavior have been introduced, this chapter will provide more detail. Two basic approaches will be described: a manual approach and full AuBA, which is primarily automated. The manual approach does incorporate tools, particularly software for pattern classification, but the extent of AuBA's automation allows for much more rapid modeling. Both approaches lead to the development of predictive software we call engines. Engines, when placed within software applications, can make predictive decisions within 50 microseconds, or 20,000 predictive decisions per second, on an ongoing basis. The accuracy and speed of these predictive engines make possible the paradigm shift needed for a more proactive security stance. In this chapter, I will provide another level of detail as to how we can accurately predict malicious behavior in real time.

Construction of Predictive Models

Chapter 8 listed the basic steps required to move from defining malicious behavior to predicting it to developing an actual predictive engine. The process was developed over repeated development trials and by using ...

Get Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security now with the O’Reilly learning platform.