Reasoning About Future Cyber-Attacks Through Socio-Technical Hacking Information

2019 IEEE 31st International Conference on Tools with Artificial Intelligence (ICTAI) Pub Date : 2019-11-01 DOI:10.1109/ICTAI.2019.00030

E. Marin, Mohammed Almukaynizi, P. Shakarian

{"title":"Reasoning About Future Cyber-Attacks Through Socio-Technical Hacking Information","authors":"E. Marin, Mohammed Almukaynizi, P. Shakarian","doi":"10.1109/ICTAI.2019.00030","DOIUrl":null,"url":null,"abstract":"With the widespread of cyber-attack incidents, cybersecurity has become a major concern for organizations. The waste of time, money and resources while organizations counter irrelevant cyber threats can turn them into the next victim of malicious hackers. In addition, the online hacking community has grown rapidly, making the cyber threat landscape hard to keep track of. In this work, we describe an AI tool that uses a temporal logical framework to learn rules that correlate malicious hacking activity with real-world cyber incidents, aiming to leverage these rules for predicting future cyber-attacks. The framework considers socio-personal and technical indicators of enterprise attacks, analyzing the hackers and their strategies when they are planning cyber offensives online. Our results demonstrate the viability of the proposed approach, which outperforms baseline systems by an average F1 score increase of 138%, 71% and 17% for intervals of 1, 2 and 3 days respectively, providing security teams mechanisms to predict and avoid cyber-attacks.","PeriodicalId":346657,"journal":{"name":"2019 IEEE 31st International Conference on Tools with Artificial Intelligence (ICTAI)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 31st International Conference on Tools with Artificial Intelligence (ICTAI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICTAI.2019.00030","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

With the widespread of cyber-attack incidents, cybersecurity has become a major concern for organizations. The waste of time, money and resources while organizations counter irrelevant cyber threats can turn them into the next victim of malicious hackers. In addition, the online hacking community has grown rapidly, making the cyber threat landscape hard to keep track of. In this work, we describe an AI tool that uses a temporal logical framework to learn rules that correlate malicious hacking activity with real-world cyber incidents, aiming to leverage these rules for predicting future cyber-attacks. The framework considers socio-personal and technical indicators of enterprise attacks, analyzing the hackers and their strategies when they are planning cyber offensives online. Our results demonstrate the viability of the proposed approach, which outperforms baseline systems by an average F1 score increase of 138%, 71% and 17% for intervals of 1, 2 and 3 days respectively, providing security teams mechanisms to predict and avoid cyber-attacks.

查看原文本刊更多论文

通过社会技术黑客信息推断未来的网络攻击

随着网络攻击事件的广泛发生，网络安全已成为组织关注的主要问题。组织在应对无关的网络威胁时浪费时间、金钱和资源，可能会使他们成为恶意黑客的下一个受害者。此外，网络黑客社区发展迅速，使得网络威胁形势难以追踪。在这项工作中，我们描述了一个人工智能工具，它使用一个时间逻辑框架来学习将恶意黑客活动与现实世界的网络事件相关联的规则，旨在利用这些规则来预测未来的网络攻击。该框架考虑了企业攻击的社会个人和技术指标，分析了黑客及其在线计划网络攻击时的策略。我们的研究结果证明了该方法的可行性，该方法在1天、2天和3天的间隔内分别比基准系统平均提高了138%、71%和17%的F1分数，为安全团队提供了预测和避免网络攻击的机制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE 31st International Conference on Tools with Artificial Intelligence (ICTAI)

自引率

0.00%

发文量