ALEAP: Attention-based LSTM with Event Embedding for Attack Projection

Bibliographic Details
Published in: 2019 IEEE 38th International Performance Computing and Communications Conference (IPCCC), pp. 1-8
Main Authors: Fan, Shuhan; Wu, Songyun; Wang, Zhiliang; Li, Zimu; Yang, Jiahai; Liu, Heng; Liu, Xinran
Format: Conference Proceeding
Language: English
Published: IEEE 01.10.2019
Summary: Cyberattacks have developed rapidly in diversity and complexity in recent years. Despite the existence of various defense systems, they cannot provide early warnings and prevent catastrophic consequences in advance. Therefore, the need for prediction becomes more and more urgent, especially for those multi-step attacks in which several steps are required to carry out the attack successfully. In this paper, we focus on attack projection, which aims to predict the next step of the attack based on historical information and gained knowledge of similar events that happened in the past. Previous models for attack projection are based on probability graph models or simple RNN models, which may limit their capability for noise tolerance and sequence association analysis. To remedy this, we propose a method called ALEAP, which incorporates event embedding and an attention mechanism into LSTM models to better predict future events. We test ALEAP on a dataset of millions of security events collected from multi-source security devices, and show that our approach is effective in event prediction. ALEAP also provides a useful method for security specialists and all computer environment-related parties to better predict attack projection and defend against known attacks.
ISSN: 2374-9628
DOI: 10.1109/IPCCC47392.2019.8958761