{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T01:05:06Z","timestamp":1771635906936,"version":"3.50.1"},"reference-count":56,"publisher":"Oxford University Press (OUP)","issue":"1","funder":[{"name":"US Army Research Laboratory Postdoctoral Fellowship Program"},{"name":"Senior Fellowship Program","award":["W911NF-17\u20132\u20130003"],"award-info":[{"award-number":["W911NF-17\u20132\u20130003"]}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006754","name":"Army Research Laboratory","doi-asserted-by":"publisher","award":["W911NF-15-1-0020"],"award-info":[{"award-number":["W911NF-15-1-0020"]}],"id":[{"id":"10.13039\/100006754","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1745925"],"award-info":[{"award-number":["1745925"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,1,1]]},"DOI":"10.1093\/cybsec\/tyy007","type":"journal-article","created":{"date-parts":[[2018,12,22]],"date-time":"2018-12-22T10:28:10Z","timestamp":1545474490000},"source":"Crossref","is-referenced-by-count":28,"title":["Malware in the future? Forecasting of analyst detection of cyber events"],"prefix":"10.1093","volume":"4","author":[{"given":"Jonathan Z","family":"Bakdash","sequence":"first","affiliation":[{"name":"US Army Research Laboratory South at the University of Texas at Dallas, Richardson, TX, USA"},{"name":"Department of Psychology, Counseling, and Special Education, Texas A&M Commerce, Commerce, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Steve","family":"Hutchinson","sequence":"additional","affiliation":[{"name":"Computational and Information Sciences Directorate, ICF for the US Army Research Laboratory, Adelphi, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Erin G","family":"Zaroukian","sequence":"additional","affiliation":[{"name":"Human Research and Engineering Directorate, US Army Research Laboratory, Aberdeen Proving Ground, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Laura R","family":"Marusich","sequence":"additional","affiliation":[{"name":"US Army Research Laboratory South at the University of Texas at Arlington, Arlington, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Saravanan","family":"Thirumuruganathan","sequence":"additional","affiliation":[{"name":"Qatar Computing and Research Institute, Qatar Foundation, Doha, Qatar"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Charmaine","family":"Sample","sequence":"additional","affiliation":[{"name":"Computational and Information Sciences Directorate, ICF for the US Army Research Laboratory, Adelphi, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Blaine","family":"Hoffman","sequence":"additional","affiliation":[{"name":"Human Research and Engineering Directorate, US Army Research Laboratory, Aberdeen Proving Ground, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gautam","family":"Das","sequence":"additional","affiliation":[{"name":"Computer Science and Engineering Department, University of Texas at Arlington, Arlington, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2018,12,22]]},"reference":[{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B1","first-page":"1","volume-title":"Cyberspace Operations","author":"Joint Chiefs of Staff"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B2","first-page":"1","volume-title":"The DOD Cyber Strategy","author":"Carter","year":"2015"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B3","volume-title":"DoD Cybersecurity Discipline Implementation Plan","year":"2016"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B4","doi-asserted-by":"crossref","first-page":"e0124472","DOI":"10.1371\/journal.pone.0124472","article-title":"Spatiotemporal patterns and predictability of cyberattacks","volume":"10","author":"Chen","year":"2015","journal-title":"PloS One"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1038\/srep05659","article-title":"A genetic epidemiology approach to cyber-security","volume":"4","author":"Gil","year":"2014","journal-title":"Sci Rep"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B6","first-page":"1","article-title":"Modeling and predicting extreme cyberattack rates via marked point processes","volume":"44","author":"Peng","year":"2016","journal-title":"J Appl Stat"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B7","doi-asserted-by":"crossref","first-page":"312","DOI":"10.1016\/j.inffus.2009.01.003","article-title":"Processing intrusion detection alert aggregates with time series modeling","volume":"10","author":"Viinikka","year":"2009","journal-title":"Inf Fusion"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B8","doi-asserted-by":"crossref","first-page":"508","DOI":"10.1080\/00401706.2016.1256841","article-title":"A Vine copula model for predicting the effectiveness of cyber defense early-warning","volume":"59","author":"Xu","year":"2016","journal-title":"Technometrics"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B9","doi-asserted-by":"crossref","first-page":"1666","DOI":"10.1109\/TIFS.2015.2422261","article-title":"Predicting cyberattack rates with extreme values","volume":"10","author":"Zhan","year":"2015","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B10","doi-asserted-by":"crossref","first-page":"1775","DOI":"10.1109\/TIFS.2013.2279800","article-title":"Characterizing honeypot-captured cyberattacks: statistical framework and case study","volume":"8","author":"Zhan","year":"2013","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B11","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1109\/ISSRE.2008.39","article-title":"Analysis of computer security incident data using time series models","volume-title":"2008 19th International Symposium on Software Reliability Engineering (ISSRE)","author":"Condon","year":"2008"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B12","doi-asserted-by":"crossref","first-page":"2348","DOI":"10.1109\/TIFS.2017.2705629","article-title":"Burstiness of intrusion detection process: empirical evidence and a modeling approach","volume":"12","author":"Harang","year":"2017","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B13","doi-asserted-by":"crossref","first-page":"102","DOI":"10.1145\/1128817.1128835","article-title":"Time series modeling for IDS alert management","volume-title":"Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security","author":"Viinikka","year":"2006"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B14","first-page":"255","article-title":"Using InetVis to evaluate Snort and Bro scan detection on a network telescope","volume-title":"VizSEC","author":"Irwin","year":"2008"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B15","doi-asserted-by":"crossref","first-page":"3448","DOI":"10.1016\/j.comnet.2007.02.001","article-title":"An overview of anomaly detection techniques: existing solutions and latest technological trends","volume":"51","author":"Patcha","year":"2007","journal-title":"Comput Netw"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B16","first-page":"61","article-title":"Computer security incident handling guide","volume":"800","author":"Cichonski","year":"2012","journal-title":"NIST Spec Publ"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B17","doi-asserted-by":"crossref","first-page":"262","DOI":"10.1145\/382912.382923","article-title":"Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory","volume":"3","author":"McHugh","year":"2000","journal-title":"ACM Trans Inf Syst Secur TISSEC"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B18","first-page":"1","article-title":"A detailed analysis of the KDD CUP 99 data set","volume-title":"IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA)","author":"Tavallaee","year":"2009"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B19","unstructured":"KDDCUP 1999 Data. http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html (29 October 2018, date last accessed)."},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B20","article-title":"others. A forecasting model for internet security attacks","volume-title":"National Information System Security Conference","author":"Korzyk Sr A","year":"1998"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B21","doi-asserted-by":"crossref","first-page":"207","DOI":"10.1038\/nature03459","article-title":"The origin of bursts and heavy tails in human dynamics","volume":"435","author":"Barabasi","year":"2005","journal-title":"Nature"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B22","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1007\/s10182-010-0139-9","article-title":"Useful models for time series of counts or simply wrong ones?","volume":"95","author":"Jung","year":"2011","journal-title":"AStA Adv Stat Anal"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B23","first-page":"1","volume-title":"Time Series Forecasting of Cyber Attack Intensity","author":"Werner","year":"2017"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B24","first-page":"110","article-title":"Towards a forecasting model for distributed Denial of Service activities","author":"Fachkha","year":"2013","journal-title":"IEEE"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B25","first-page":"1009","article-title":"Cloudy with a chance of breach: forecasting cyber security incidents","author":"Liu","year":"2015","journal-title":"24th USENIX Security Symposium (USENIX Security 15)"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B26","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-83r1","volume-title":"Guide to Malware Incident Prevention and Handling for Desktops and Laptops","author":"Souppaya","year":"2013"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B27","doi-asserted-by":"crossref","DOI":"10.21236\/ADA421664","volume-title":"State of the practice of computer security incident response teams (CSIRTs)","author":"Killcrece","year":"2003"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B28","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1007\/978-3-540-78243-8_2","article-title":"The real work of computer network defense analysts","volume-title":"VizSEC 2007","author":"D\u2019Amico","year":"2008"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B29"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B30","volume-title":"6510.01B: Cyber Incident Handling Program","author":"Chairman of the Joint Chiefs of Staff Manual","year":"2012"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B31","doi-asserted-by":"crossref","first-page":"373","DOI":"10.1023\/A:1024940629314","article-title":"Bursty and hierarchical structure in streams","volume":"7","author":"Kleinberg","year":"2003","journal-title":"Data Min Knowl Discov"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B32","first-page":"4","article-title":"Predicting the present with bayesian structural time series","volume":"5","author":"Scott","year":"2014","journal-title":"Int J Math Model Numer Optim"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B33","doi-asserted-by":"crossref","first-page":"439","DOI":"10.1016\/S0169-2070(01)00110-8","article-title":"A state space framework for automatic forecasting using exponential smoothing methods","volume":"18","author":"Hyndan","year":"2002","journal-title":"Int J Forecast"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B34","doi-asserted-by":"crossref","DOI":"10.1201\/b10905","volume-title":"Handbook of Markov Chain Monte Carlo","author":"Brooks","year":"2011"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B35","doi-asserted-by":"crossref","first-page":"1","DOI":"10.18637\/jss.v080.i01","article-title":"brms: an R package for Bayesian multilevel models using STAN","volume":"80","author":"B\u00fcrkner","year":"2017","journal-title":"J Stat Softw"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B36","doi-asserted-by":"crossref","DOI":"10.18637\/jss.v076.i01","article-title":"Stan: a probabilistic programming language","volume":"76","author":"Carpenter","year":"2017","journal-title":"J Stat Softw"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B37","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4419-7865-3","volume-title":"Time Series Analysis and Its Applications","author":"Shumway","year":"2011"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B38","first-page":"867","article-title":"A widely applicable Bayesian information criterion","volume":"14","author":"Watanabe","year":"2013","journal-title":"J Mach Learn Res"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B39","doi-asserted-by":"crossref","first-page":"178","DOI":"10.3758\/s13423-016-1221-4","article-title":"The Bayesian new statistics: hypothesis testing, estimation, meta-analysis, and power analysis from a Bayesian perspective","volume":"25","author":"Kruschke","year":"2018","journal-title":"Psychon Bull Rev"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B40","doi-asserted-by":"crossref","first-page":"679","DOI":"10.1016\/j.ijforecast.2006.03.001","article-title":"Another look at measures of forecast accuracy","volume":"22","author":"Hyndman","year":"2006","journal-title":"Int J Forecast"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B41","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2882969","article-title":"Dynamic scheduling of cybersecurity analysts for minimizing risk using reinforcement learning","volume":"8","author":"Ganesan","year":"2016","journal-title":"ACM Trans Intell Syst Technol TIST"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B42","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2914795","article-title":"Optimal scheduling of cybersecurity analysts for minimizing risk","volume":"8","author":"Ganesan","year":"2017","journal-title":"ACM Trans Intell Syst Technol TIST"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B43","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1016\/0149-7189(79)90048-X","article-title":"Assessing the impact of planned social change","volume":"2","author":"Campbell","year":"1979","journal-title":"Eval Program Plann"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B44","doi-asserted-by":"crossref","first-page":"2856","DOI":"10.1109\/TIFS.2018.2834227","article-title":"Modeling and predicting cyber hacking breaches","volume":"13","author":"Xu","year":"2018","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B45","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1111\/j.1751-5823.2004.tb00237.x","article-title":"Causality: a statistical view","volume":"72","author":"Cox","year":"2007","journal-title":"Int Stat Rev"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B46","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/S0951-8320(96)00067-1","article-title":"Uncertainties in risk analysis: six levels of treatment","volume":"54","author":"Pat\u00e9-Cornell","year":"1996","journal-title":"Reliab Eng Syst Saf"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B47","doi-asserted-by":"crossref","first-page":"1203","DOI":"10.1126\/science.1248506","article-title":"The parable of Google Flu: traps in big data analysis","volume":"343","author":"Lazer","year":"2014","journal-title":"Science"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B48","volume-title":"Deterring Malicious Behavior in Cyberspace","author":"Jasper","year":"2015"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B49","doi-asserted-by":"crossref","first-page":"767","DOI":"10.1093\/biomet\/88.3.767","article-title":"Testing the number of components in a normal mixture","volume":"88","author":"Lo","year":"2001","journal-title":"Biometrika"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B50","volume-title":"Determining a Relationship between Foreign News Media Reports Covering U.S. Military Events and Network Incidents Against DoD Networks","author":"Jaros","year":"2005"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B51","unstructured":"Sample C . Cyber + Culture Early Warning Study. Special report CMU\/SEI-2015-SR-025. Retrieved fromhttp:\/\/resources. sei. cmu. edu\/asset_files\/SpecialReport\/2015_003_001_449739. pdf, 2015 (29 October 2018, date last accessed)."},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B52","doi-asserted-by":"crossref","DOI":"10.1038\/srep10998","article-title":"Failure dynamics of the global risk network","volume":"5","author":"Szymanski","year":"2015","journal-title":"Sci Rep"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B53","article-title":"Limits of risk predictability in a cascading alternating renewal process model","volume":"7","author":"Lin","year":"2017","journal-title":"Sci Rep"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B54","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1038\/nature12047","article-title":"Globally networked risks and how to respond","volume":"497","author":"Helbing","year":"2013","journal-title":"Nature"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B55","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1109\/ISI.2016.7745435","article-title":"Darknet and deepnet mining for proactive cybersecurity threat intelligence","volume-title":"Intelligence and Security Informatics (ISI), 2016 IEEE Conference On","author":"Nunes","year":"2016"},{"key":"key\n\t\t\t\t2019012511054233100_tyy007-B56","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1080\/13875868.2015.1137577","article-title":"Non-expert interpretations of hurricane forecast uncertainty visualizations","volume":"16","author":"Ruginski","year":"2016","journal-title":"Spat Cogn Comput"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/4\/1\/tyy007\/27239107\/tyy007.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,12]],"date-time":"2023-09-12T11:37:03Z","timestamp":1694518623000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyy007\/5257795"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,1,1]]},"references-count":56,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2018,12,22]]},"published-print":{"date-parts":[[2018,1,1]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyy007","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2018]]},"published":{"date-parts":[[2018,1,1]]}}}