Forecasting cyber threats & pertinent alleviation technologies

Abstract

Traditionally, cyber-attack detection relies on reactive techniques, where pattern-matching algorithms help human experts to scan system logs and network traffic for known virus signatures. Recent research has introduced effective Machine Learning (ML) models for cyber-attack detection. However, approaches that can forecast attacks likely to happen in the long term are also desirable, as this gives defenders more time to develop defensive actions and tools. Today, long-term predictions of attack waves are based on the subjective perceptiveness of human experts, susceptible to bias. This work introduces a novel ML-based approach that leverages unstructured big data to forecast the trend of cyber-attacks, years in advance. To this end, we develop a framework that utilises a monthly dataset of major cyber incidents in 36 countries over the past 11 years, with new features extracted from big data sources, namely news, government advisories, research literature, and tweets. Our framework not only forecasts attack trends automatically, but also generates a threat cycle that drills down into five key phases that constitute the life cycle of 42 known cyber threats. Our research advances to the next level, by predicting the disparity between cyber-attack trends and the trend of the relevant alleviation technologies. These predictive analyses inform investment decisions in cyber security technologies and provide a fundamental basis for strategic choices by national defence agencies. Here, we expand our dataset with records for the trend of 98 alleviation technologies. Using our expanded dataset, we construct a graph that elucidates the interplay between cyber threats and pertinent alleviation technologies. To forecast the graph, we propose a Bayesian adaptation of a Graph Neural Network (GNN) model. Furthermore, we generate future data projections for the next three years, including the gap between the trend of cyber-attacks and the associated technologies. Consequently, we introduce the concept of "alleviation technologies cycle", delineating the key phases in the life cycle of 98 technologies. To bolster the transparency of our model, we incorporate explainability features, fostering a clear and informed decision-making process.