Cyber-Attack Consequence Prediction

TL;DR

This paper presents a machine learning approach using NLP techniques to predict cyberattack consequences, aiming to assist security teams by reducing cognitive load and improving communication about attack impacts.

Contribution

It introduces a novel application of NLP and machine learning to predict cyberattack outcomes, aiding security communication and response strategies.

Findings

Achieved 60% accuracy with tf-idf features and LinearSVC.

Compared tf-idf and Doc2Vec models for consequence prediction.

Demonstrated potential to assist cybersecurity stakeholders in understanding attack impacts.

Abstract

Cyber-physical systems posit a complex number of security challenges due to interconnection of heterogeneous devices having limited processing, communication, and power capabilities. Additionally, the conglomeration of both physical and cyber-space further makes it difficult to devise a single security plan spanning both these spaces. Cyber-security researchers are often overloaded with a variety of cyber-alerts on a daily basis many of which turn out to be false positives. In this paper, we use machine learning and natural language processing techniques to predict the consequences of cyberattacks. The idea is to enable security researchers to have tools at their disposal that makes it easier to communicate the attack consequences with various stakeholders who may have little to no cybersecurity expertise. Additionally, with the proposed approach researchers' cognitive load can be reduced by automatically predicting the consequences of attacks in case new attacks are discovered. We compare the performance through various machine learning models employing word vectors obtained using both tf-idf and Doc2Vec models. In our experiments, an accuracy of 60% was obtained using tf-idf features and 57% using Doc2Vec method for models based on LinearSVC model.