Attack Forecast and Prediction

Cyber-security has emerged as one of the most pressing issues for society with actors trying to use offensive capabilities and those who try to leverage on defensive capabilities to secure their assets or knowledge. However, in cyber-space attackers oftentimes have a significant first mover advantage leading to a dynamic cat and mouse game with defenders. Cyber Threat Intelligence (CTI) on past attacks bears potentials that can be used by means of predictive analytics to minimize the attackers first mover advantage. Yet, attack prediction is not an established means and automation levels are low. Within this work, we present Attack Forecast and Prediction (𝐴𝐹 𝑃) which is based on MITRE Adversarial Tactics, Techniques and Common Knowledge (ATT&CK). 𝐴𝐹 𝑃 consists of three modules representing different analytical procedures which are clustering, time series analysis, and genetic algorithms. 𝐴𝐹 𝑃 identifies trends in the usage of attack techniques and crafts forecasts and predictions on future malware and the attack techniques used. We rely on time sorting to generate subgraphs of MITRE ATT&CK and evaluate the accuracy of predictions generated by 𝐴𝐹 𝑃 based on these. ... mehrResults of an experiment performed on the basis of 493 different malware, validate the utility of using 𝐴𝐹 𝑃 for attack prediction. 𝐴𝐹 𝑃 reaches for each module an F-score which is higher than an extrapolation of observed probabilities (baseline) with an F-score of up to 0.83 for a single module. It can hence be considered an effective means for predicting future attack patterns and help security professionals with preparing for future attacks.