Security analytics for real-time forecasting of cyberattacks
Software: Practice and Experience (IF 3.5), Pub Date: 2020-04-02, DOI: 10.1002/spe.2822
Amir Javed, Mike Lakoju, Pete Burnap, Omer Rana
Protection of networked computing infrastructures (such as Internet of Things, Industrial Control Systems, and Edge computing) depends on the continuous monitoring of interaction between such devices and network/Cloud-based hosts (especially in Industry 4.0 environments). This real-time monitoring enables an analyst to quantify evolving and emerging threats to such network infrastructures. We propose a framework for identifying patterns in observed cyberthreats and for using these patterns to forecast the growth of an emerging threat to network infrastructure. The framework predicts the maximum threat intensity and the time period over which this maximum intensity is likely to occur. The proposed framework integrates: (a) continuous monitoring of device/network activity, (b) forecasting behavior using exponentially weighted moving averages, (c) Fibonacci retracement for estimating the potential intensity of a cyberattack, and (d) linear regression for predicting the response time available before high-risk thresholds are reached, together with a machine learning strategy to predict potential risk over a predefined time window. Applying this approach to real-world network activity data, we measure the time interval between the forecast and the actual attack. Our results show an average lead time of around 1.75 hours, providing a window of opportunity to limit the impact of an attack and counter it.
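To make the three forecasting components named above concrete, the following added example (not the authors' implementation) smooths a constructed hourly alert count with an EWMA, derives Fibonacci retracement levels from the smoothed low and high, and extrapolates a least-squares trend over the last few points to estimate how many hours remain before a high-risk threshold is crossed. The sample series, alpha, retracement ratios, window length and threshold are all assumptions chosen for illustration.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample: alerts per hour from one monitored network segment.
# Assumption: one sample per hour, rising as an attack builds up.
ALERTS_PER_HOUR = [2, 3, 2, 4, 6, 9, 13, 18]


def ewma(series: List[float], alpha: float) -> List[float]:
    """Exponentially weighted moving average; alpha weights the newest sample."""
    out = [float(series[0])]
    for x in series[1:]:
        out.append(alpha * x + (1 - alpha) * out[-1])
    return out


def fibonacci_levels(low: float, high: float) -> Dict[str, float]:
    """Retracement levels between the smoothed low and high (conventional
    ratios; assumption about which levels an analyst would watch)."""
    span = high - low
    return {f"{r:.1%}": high - r * span for r in (0.236, 0.382, 0.5, 0.618)}


def linear_fit(ys: List[float]) -> Tuple[float, float]:
    """Least-squares slope and intercept of ys against index 0..n-1."""
    n = len(ys)
    mx, my = (n - 1) / 2, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in range(n))
    sxy = sum((x - mx) * (y - my) for x, y in zip(range(n), ys))
    slope = sxy / sxx
    return slope, my - slope * mx


def hours_until_threshold(smoothed: List[float], threshold: float,
                          window: int = 4) -> Optional[float]:
    """Extrapolate the trend of the last `window` smoothed points and return
    how many intervals after the last sample the threshold is reached.
    Returns None when the trend is flat or falling (no crossing forecast)."""
    recent = smoothed[-window:]
    slope, intercept = linear_fit(recent)
    if slope <= 0:
        return None
    if recent[-1] >= threshold:
        return 0.0
    t_cross = (threshold - intercept) / slope   # index where fit hits threshold
    return t_cross - (len(recent) - 1)          # measured from the last sample


if __name__ == "__main__":
    s = ewma(ALERTS_PER_HOUR, alpha=0.5)
    print("levels:", fibonacci_levels(min(s), max(s)))
    print("lead time (h):", hours_until_threshold(s, threshold=20))
```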

Updated: 2020-04-02