ARIMA Supplemented Security Metrics for Quality Assurance and Situational Awareness

Quality assurance and situational awareness are important areas of interest for CSIRTs and security teams. Significant efforts have been made on defining metrics measuring critical parameters for these fields of application. However, methodical approaches are missing or lacking precision to enable a reliable usage of such metrics for quality assurance and situational awareness. In this contribution, we introduce a method that generalizes the application of ARIMA time series analysis on a well-defined set of metrics (ARIMA supplemented metrics) to facilitate and support quality assurance and situational awareness services. This method is based on research on ARIMA models and metrics and builds on CSIRT best practices. We show how data analysts and security practitioners can incorporate this method into existing best practices for CSIRT services pertaining to quality assurance and situational awareness. The applicability of this method is demonstrated by integrating ARIMA supplemented metrics into exemplary processes for quality assurance and situational awareness to support data analysts and security practitioners in CSIRTs and security teams.