The capabilities of accurate prediction of cyberattacks have long been desired as detection methods cannot avoid the damages caused by occurrences of cyberattack. Attack prediction still remains an open issue especially to specify the upcoming steps of an attack with the quickly evolving intelligent techniques at the attackers’ side. This study proposes a composite learning approach (namely CL-AP2), which fulfills this task in two phases of “attack portraying” and “attack prediction”: (1) (Attack Portraying) CL-AP2 generates a Temporal Attack Knowledge Graph (TAKG) from real-time system logs providing full knowledge that formulates time-aware entities related to attacks and the relations amongst them; Over the TAKG, a Tactic-based Cyber Kill Chain (TCKC) model highlights the attacker’s portrait via evaluation of behaviors in the past, i.e., presenting the tactical path and attack steps taken by the attacker; (2) (Attack Prediction) The Soft Actor–Critic algorithm applies to identify the most possible attack trajectory confined in the attack portrait; The transformer model finally derives the specific attack technique to be taken next.

中文翻译：

---

CL-AP[公式省略]：通过攻击描绘进行攻击预测的复合学习方法


由于检测方法无法避免网络攻击发生所造成的损害，因此人们一直渴望能够准确预测网络攻击。攻击预测仍然是一个悬而未决的问题，特别是通过攻击者一方快速发展的智能技术来指定攻击的后续步骤。本研究提出了一种复合学习方法（即CL-AP2），该方法分“攻击描绘”和“攻击预测”两个阶段来完成此任务：（1）（攻击描绘）CL-AP2生成时间攻击知识图（TAKG） ）来自实时系统日志，提供完整的知识，制定与攻击相关的时间感知实体及其之间的关系；在TAKG上，基于战术的网络杀伤链（TCKC）模型通过对过去行为的评估来突出攻击者的肖像，即呈现攻击者所采取的战术路径和攻击步骤； （2）（攻击预测）Soft Actor-Critic算法用于识别攻击肖像中最可能的攻击轨迹； Transformer模型最终推导出下一步要采取的具体攻击技术。