With the rapid growth of information and communication technology such as the Internet, cyber threats from computer hacking, viruses, worms, Trojan horses, etc., are growing. With regard to such cyber threats, there are an intrusion detection system (IDS), an intrusion prevention system (IPS), a control system, an enterprise security management (ESM) system, and so on. The systems can detect a current attack or provide information about a current network state.
However, such information is provided upon a cyber attack, and thus it is difficult for an administrator or user to prevent or prepare for the attack. Also, the information about cyber threats only tells a fragmentary situation, such as a special weather report, and does not include quantified forecast information representing the trends of cyber threat categories, such as hacking and worm viruses, or the overall trend of all cyber threats that a department actually establishing a security policy and budget wants to know.
Thus, when forecast information about cyber threat categories, such as hacking, malicious code and illegal access attempts, is provided in advance to a security staff or persons establishing the security policy and budget of an organization, it may help to establish a countermeasure against cyber attacks of a category that is highly likely to occur in the future and cope with the cyber attacks.
To provide forecast information about cyber threat categories, lower-level cyber threats such as the frequency of intrusion and the frequency of worms and viruses must be forecasted, and also upper-level cyber threats such as the degrees of threat from hacking and malicious code must be forecasted using the forecast result. However, although there is technology for network intrusion detection and prevention, network monitoring, enterprise security management, early cyber threat warning, etc., there is none for forecasting cyber threats having a hierarchical structure yet.