Attack Forecast and Prediction
Cyber-security has emerged as one of the most pressing issues for society, with some actors trying to use offensive capabilities and others trying to leverage defensive capabilities to secure their assets or knowledge. However, in cyber-space attackers often have a significant first-mover advantage, leading to a dynamic cat-and-mouse game with defenders. Cyber Threat Intelligence (CTI) on past attacks holds potential that can be used by means of predictive analytics to minimise the attackers' first-mover advantage. Yet attack prediction is not an established practice, and automation levels are low. In this work, we present Attack Forecast and Prediction (AFP), which is based on MITRE Adversarial Tactics, Techniques and Common Knowledge (ATT&CK). AFP consists of four modules representing different analytical procedures: clustering, link prediction, time series analysis, and genetic algorithms. AFP identifies trends in the usage of attack techniques and crafts forecasts and predictions of future malware and the attack techniques it will use. We rely on time sorting to generate subgraphs of MITRE ATT&CK and evaluate the accuracy of the predictions AFP generates from them.
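As an added illustration (not the paper's own code or data), the time-sorting and link-prediction steps can be sketched in Python: a constructed table of malware/technique sightings with years is cut at a year to form the training subgraph, absent malware-technique edges are scored by co-occurrence with the techniques the family already uses, and the top-k predictions are checked against edges first seen after the cut. The family names and years are constructed; the technique IDs are real ATT&CK identifiers.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sightings: (malware family, ATT&CK technique, year first observed).
# Family names and years are made up; the technique IDs are real ATT&CK IDs.
OBSERVATIONS = [
    ("M1", "T1059", 2018), ("M1", "T1027", 2018), ("M1", "T1566", 2018),
    ("M2", "T1059", 2019), ("M2", "T1027", 2019), ("M2", "T1071", 2019),
    ("M3", "T1566", 2019), ("M3", "T1059", 2019),
    ("M1", "T1071", 2020), ("M3", "T1071", 2020), ("M2", "T1566", 2021),
    ("M4", "T1027", 2020), ("M4", "T1059", 2020),
]


def time_subgraph(observations, cutoff):
    """Time sorting: keep only edges observed up to `cutoff` (the training graph)."""
    graph = defaultdict(set)
    for malware, technique, year in observations:
        if year <= cutoff:
            graph[malware].add(technique)
    return graph


def cooccurrence(graph):
    """Count, per technique pair, the families in which both techniques appear."""
    counts = defaultdict(int)
    for techniques in graph.values():
        for a, b in combinations(sorted(techniques), 2):
            counts[(a, b)] += 1
    return counts


def predict_links(graph, k):
    """Link prediction: score absent (family, technique) edges by co-occurrence."""
    counts = cooccurrence(graph)
    all_techniques = set().union(*graph.values())
    scored = []
    for malware, techniques in graph.items():
        for candidate in all_techniques - techniques:
            score = sum(counts.get(tuple(sorted((candidate, t))), 0) for t in techniques)
            if score > 0:
                scored.append((score, malware, candidate))
    scored.sort(key=lambda s: (-s[0], s[1], s[2]))  # best score first, then stable order
    return [(malware, technique) for _, malware, technique in scored[:k]]


def evaluate(observations, cutoff, k):
    """Precision@k: share of predictions that appear as edges first seen after `cutoff`."""
    future = {(m, t) for m, t, year in observations if year > cutoff}
    predictions = predict_links(time_subgraph(observations, cutoff), k)
    hits = sum(1 for p in predictions if p in future)
    return hits / len(predictions) if predictions else 0.0
```

Families that first appear after the cutoff (M4 here) cannot be predicted by link prediction alone, which is why AFP pairs it with the clustering and time series modules.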