TY - GEN
T1 - Inductive and Deductive Reasoning to Assist in Cyber-Attack Prediction
AU - Marin, Ericsson
AU - Almukaynizi, Mohammed
AU - Shakarian, Paulo
N1 - Funding Information:
Some of the authors are supported by Cyber Reconnaissance, Inc., the Office of Naval Research, and the National Council for Scientific and Technological Devel. (CNPq-BR).
Publisher Copyright:
© 2020 IEEE.
PY - 2020/1
Y1 - 2020/1
N2 - Information about cyber-attack planning has been increasingly shared by malicious hackers online, making what was once a hard-to-penetrate market accessible to a wider population. Although this trend helps to produce a huge amount of malware, it also provides intelligence for defenders since the shared information can be leveraged as precursors of cyber-attacks. In this work, we apply Annotated Probabilistic Temporal (APT) logic into the cybersecurity domain to accomplish two tasks: 1) induct APT rules that correlate malicious hacking activity with enterprise attacks to predict imminent cyber incidents; 2) leverage a deductive approach that combines attack predictions for more accurate security warnings. Results demonstrate considerable prediction gains in F1 score (up to 150.24%) compared to the baseline when the pre-conditions of APT rules include socio-personal indicators of the hackers behind cyber incidents, and when the predictions made for a given day are combined using deduction (up to 182.38%). Those findings highlight how AI tools can empower proactive cyber defense.
KW - AI
KW - Cybersecurity
KW - Darkweb
KW - Hacking
KW - Logic
UR - http://www.scopus.com/inward/record.url?scp=85083081758&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85083081758&partnerID=8YFLogxK
U2 - 10.1109/CCWC47524.2020.9031154
DO - 10.1109/CCWC47524.2020.9031154
M3 - Conference contribution
AN - SCOPUS:85083081758
T3 - 2020 10th Annual Computing and Communication Workshop and Conference, CCWC 2020
SP - 262
EP - 268
BT - 2020 10th Annual Computing and Communication Workshop and Conference, CCWC 2020
A2 - Chakrabarti, Satyajit
A2 - Paul, Rajashree
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 10th Annual Computing and Communication Workshop and Conference, CCWC 2020
Y2 - 6 January 2020 through 8 January 2020
ER -