TY - GEN
T1 - Reasoning about future cyber-attacks through socio-technical hacking information
AU - Marin, Ericsson
AU - Almukaynizi, Mohammed
AU - Shakarian, Paulo
N1 - Funding Information:
ACKNOWLEDGMENT Some authors were supported by the Office of Naval Research (ONR) contract N00014-15-1-2742, the (ONR) Neptune program, the ASU Global Security Initiative (GSI), the ARO grant W911NF1910066 and the National Council for Scientific and Technological Development (CNPq-Brazil).
Publisher Copyright:
© 2019 IEEE.
PY - 2019/11
Y1 - 2019/11
N2 - With the widespread of cyber-attack incidents, cybersecurity has become a major concern for organizations. The waste of time, money and resources while organizations counter irrelevant cyber threats can turn them into the next victim of malicious hackers. In addition, the online hacking community has grown rapidly, making the cyber threat landscape hard to keep track of. In this work, we describe an AI tool that uses a temporal logical framework to learn rules that correlate malicious hacking activity with real-world cyber incidents, aiming to leverage these rules for predicting future cyber-attacks. The framework considers socio-personal and technical indicators of enterprise attacks, analyzing the hackers and their strategies when they are planning cyber offensives online. Our results demonstrate the viability of the proposed approach, which outperforms baseline systems by an average F1 score increase of 138%, 71% and 17% for intervals of 1, 2 and 3 days respectively, providing security teams mechanisms to predict and avoid cyber-attacks.
KW - AI
KW - Cybersecurity
KW - Darkweb
KW - Temporal Logic
UR - http://www.scopus.com/inward/record.url?scp=85081081099&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85081081099&partnerID=8YFLogxK
U2 - 10.1109/ICTAI.2019.00030
DO - 10.1109/ICTAI.2019.00030
M3 - Conference contribution
AN - SCOPUS:85081081099
T3 - Proceedings - International Conference on Tools with Artificial Intelligence, ICTAI
SP - 157
EP - 164
BT - Proceedings - IEEE 31st International Conference on Tools with Artificial Intelligence, ICTAI 2019
PB - IEEE Computer Society
T2 - 31st IEEE International Conference on Tools with Artificial Intelligence, ICTAI 2019
Y2 - 4 November 2019 through 6 November 2019
ER -