Enhancing an Existing Attack Projection System with Deep Learning

Sammanfattning: As organizations and critical infrastructure increasingly rely on computer networks for their function, cyber defense becomes more and more important. A recent trend is to employ predictive methods in cybersecurity. Attack projection attempts to predict the next step in an ongoing attack. Previous research has attempted to solve attack projection using deep learning relying solely on LSTM networks. In this work, by contrast, we solved the attack projection problem using three different neural network architectures: an LSTM, a Transformer, and a hybrid LSTM­Transformer model. We then proposed a way to integrate our neural models into an existing software framework that relies on sequential rule mining to predict future security alerts. The models were trained and evaluated on a publicly available dataset of network security alerts and evaluated with respect to precision and recall of alert predictions. We found that the Transformer architecture had the best overall performance in all but one experiment and that the LSTM architecture performed the worst across all experiments.