Forecasting cyberattacks with incomplete, imbalanced, and insignificant data
Cybersecurity, Pub Date: 2018-12-01, DOI: 10.1186/s42400-018-0016-5
Ahmet Okutan, Gordon Werner, Shanchieh Jay Yang, Katie McConky

Having the ability to forecast cyberattacks before they happen will unquestionably change the landscape of cyber warfare and cyber crime. This work predicts specific types of attacks on a potential victim network before the actual malicious actions take place. The challenge to forecasting cyberattacks is to extract relevant and reliable signals to treat sporadic and seemingly random acts of adversaries. This paper builds on multi-faceted machine learning solutions and develops an integrated system to transform large volumes of public data to aggregate signals with imputation that are relevant and predictive of cyber incidents. A comprehensive analysis of the individual parts and the integrated whole demonstrates the effectiveness and trade-offs of the proposed approach. Using 16 months of reported cyber incidents by an anonymized victim organization, the integrated approach achieves up to 87%, 90%, and 96% AUC for forecasting endpoint-malware, malicious-destination, and malicious-email attacks, respectively. When assessed month-by-month, the proposed approach shows robustness to perform consistently well, achieving F-Measure between 0.6 and 1.0. The framework also enables an examination of which unconventional signals are meaningful for cyberattack forecasting.

Updated: 2018-12-01