{"title":"Can We Predict Consequences of Cyber Attacks?","authors":"Prerit Datta, A. Namin, Keith S. Jones","doi":"10.1109/ICMLA55696.2022.00174","DOIUrl":null,"url":null,"abstract":"Threat modeling is a process by which security designers and researchers analyze the security of a system against known threats and vulnerabilities. There is a myriad of threat intelligence and vulnerability databases that security experts use to make important day-to-day decisions. Security experts and incident responders require the right set of skills and tools to recognize attack consequences and convey them to various stakeholders. In this paper, we used natural language processing (NLP) and deep learning to analyze text descriptions of cyberattacks and predict their consequences. This can be useful to quickly analyze new attacks discovered in the wild, help security practitioners take requisite actions, and convey attack consequences to stakeholders in a simple way. In this work, we predicted the multilabels (availability, access control, confidentiality, integrity, and other) corresponding to each text description in MITRE’s CWE dataset. We compared the performance of various CNN and LSTM deep neural networks in predicting these labels. The results indicate that it is possible to predict multilabels using a LSTM deep neural network with multiple output layers equal to the number of labels. 
LSTM performance was better when compared to CNN models.","PeriodicalId":128160,"journal":{"name":"2022 21st IEEE International Conference on Machine Learning and Applications (ICMLA)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 21st IEEE International Conference on Machine Learning and Applications (ICMLA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICMLA55696.2022.00174","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Threat modeling is a process by which security designers and researchers analyze the security of a system against known threats and vulnerabilities. There is a myriad of threat intelligence and vulnerability databases that security experts use to make important day-to-day decisions. Security experts and incident responders require the right set of skills and tools to recognize attack consequences and convey them to various stakeholders. In this paper, we used natural language processing (NLP) and deep learning to analyze text descriptions of cyberattacks and predict their consequences. This can be useful to quickly analyze new attacks discovered in the wild, help security practitioners take requisite actions, and convey attack consequences to stakeholders in a simple way. In this work, we predicted the multilabels (availability, access control, confidentiality, integrity, and other) corresponding to each text description in MITRE’s CWE dataset. We compared the performance of various CNN and LSTM deep neural networks in predicting these labels. The results indicate that it is possible to predict multilabels using an LSTM deep neural network with multiple output layers equal to the number of labels. LSTM performance was better when compared to CNN models.