Abstract:
Defending against targeted attacks is becoming increasingly difficult as attackers
constantly evolve more complex and intricate strategies. As more organizations fall
victim to targeted attacks and the cost of such attacks skyrockets, the need for
proactive defense is rising. A distinguishing feature of targeted attacks, compared with
other cyber attacks, is that they are mounted in multiple steps: attackers follow a series
of steps such as reconnaissance, infiltration, etc. to reach their final objective. Previous
research tried to predict attack steps from IDS alerts, and none of it specifically focused on
targeted attacks. Our key insight is that because targeted attackers employ stealthy and
sophisticated approaches, they often bypass traditional IDS solutions, rendering IDS-alert-based
attack step prediction ineffective. In this work, we propose a system that predicts future
attack steps in a targeted attack from previously observed attack steps and gives cyber
defenders an opportunity to preemptively block an attack. To the best of our knowledge,
this is the first work to predict attack steps specifically for targeted attacks. We define
attack steps based on the ATT&CK framework. We build the system on an encoder-decoder
architecture, since that architecture has proven effective for sequence modelling in Natural
Language Processing (NLP). We test our system on the APTGen dataset and show that it
can predict the next step to be taken by the attacker with 86.83% accuracy. We also show
that our system is robust against adversarial manipulation by attackers.
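The abstract frames the problem as sequence modelling over ATT&CK-defined steps: observed steps in, predicted next step out, scored by next-step accuracy and checked for robustness against attacker manipulation. The following is an added illustration of that framing, not the thesis's encoder-decoder model and not APTGen data. It uses a count-based n-gram predictor with backoff as a stand-in for the sequence model, so that the data representation (attack steps as ATT&CK tactic sequences), the next-step accuracy metric and a decoy-insertion robustness check can be run offline; all sequences, the `NextStepPredictor` class and the helper function names are constructed here for the illustration.

```python
"""Next-step prediction for multi-step attacks over ATT&CK tactics.

Added illustration, not the thesis's model: an n-gram predictor with
backoff stands in for the encoder-decoder so the framing (observed steps
-> next step), the accuracy metric and a decoy-insertion robustness check
can be exercised on constructed data.
"""
from collections import Counter, defaultdict

# Constructed tactic sequences (placeholders, not APTGen data). Each list
# is one attack campaign expressed as ordered ATT&CK tactics.
TRAIN_SEQUENCES = [
    ["reconnaissance", "initial-access", "execution", "persistence",
     "privilege-escalation", "defense-evasion", "credential-access",
     "discovery", "lateral-movement", "collection", "exfiltration"],
    ["reconnaissance", "resource-development", "initial-access", "execution",
     "persistence", "discovery", "lateral-movement", "collection",
     "command-and-control", "exfiltration"],
    ["initial-access", "execution", "defense-evasion", "discovery",
     "lateral-movement", "collection", "exfiltration", "impact"],
    ["reconnaissance", "initial-access", "execution", "credential-access",
     "discovery", "lateral-movement", "collection", "exfiltration"],
]
# Constructed held-out campaign used for evaluation.
TEST_SEQUENCE = ["initial-access", "execution", "credential-access",
                 "discovery", "lateral-movement", "collection", "exfiltration"]


class NextStepPredictor:
    """Predict the next tactic from the last `max_order` observed tactics,
    backing off to shorter contexts (down to the global frequency)."""

    def __init__(self, max_order=2):
        self.max_order = max_order
        self.counts = defaultdict(Counter)  # context tuple -> next-step counts

    def fit(self, sequences):
        for seq in sequences:
            for i in range(1, len(seq)):
                for k in range(1, self.max_order + 1):
                    if i - k < 0:
                        break
                    self.counts[tuple(seq[i - k:i])][seq[i]] += 1
                self.counts[()][seq[i]] += 1  # order-0 fallback
        return self

    def predict(self, observed):
        # Longest context seen in training wins; () is the global fallback.
        for k in range(min(self.max_order, len(observed)), -1, -1):
            ctx = tuple(observed[-k:]) if k else ()
            if ctx in self.counts:
                return self.counts[ctx].most_common(1)[0][0]
        return None


def next_step_accuracy(model, sequences):
    """Fraction of prefixes (length >= 1) whose true next step is predicted."""
    hits = total = 0
    for seq in sequences:
        for i in range(1, len(seq)):
            total += 1
            hits += model.predict(seq[:i]) == seq[i]
    return hits / total if total else 0.0


def decoy_stability(model, sequences, decoy, at_end=False):
    """Fraction of prefixes whose prediction is unchanged after one decoy
    tactic is inserted into the observed prefix (middle, or at the tail)."""
    same = total = 0
    for seq in sequences:
        for i in range(1, len(seq)):
            prefix = seq[:i]
            perturbed = list(prefix)
            perturbed.insert(len(prefix) if at_end else len(prefix) // 2, decoy)
            total += 1
            same += model.predict(prefix) == model.predict(perturbed)
    return same / total if total else 0.0


def demo():
    model = NextStepPredictor(max_order=2).fit(TRAIN_SEQUENCES)
    return {
        "accuracy": next_step_accuracy(model, [TEST_SEQUENCE]),
        "mid_insert_stability": decoy_stability(
            model, [TEST_SEQUENCE], "defense-evasion"),
        "end_insert_stability": decoy_stability(
            model, [TEST_SEQUENCE], "execution", at_end=True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

On the constructed data the predictor gets 5 of 6 next steps right, is unaffected by a decoy placed in the middle of the observed prefix, and is thrown off by a decoy placed at the tail for 5 of 6 prefixes. That contrast is the point of the robustness check: a short-context model only sees the last few steps, so the stability number is what a defender should report alongside raw accuracy when evaluating a next-step predictor.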
Description:
Supervised by
Prof. Dr. Muhammad Mahbub Alam,
Department of Computer Science and Engineering (CSE),
Islamic University of Technology (IUT),
Gazipur-1704, Dhaka, Bangladesh