The proposed framework consists of three specialized machine learning and graph neural network models, each responsible for detecting a specific stage of a simplified 3-stage cyber kill chain: Reconnaissance, Privilege Escalation, and Access Exploitation.
The detectors for the first two stages emit both alerts and embeddings. Those embeddings are then used to predict likely Access Exploitation attacks against the specific users who have already been targeted during the earlier reconnaissance and privilege escalation stages.
The context-aware graph neural network models outperform benchmark approaches based on random forest, achieving an average F1-score of 94% across the three stages. The attack prediction results demonstrate the feasibility of anticipating the most harmful Access Exploitation attacks by leveraging the insights from the earlier stages.
The proposed framework provides cybersecurity engineers with more comprehensive visibility into the evolving attack lifecycle, enabling them to better monitor, respond to, and mitigate complex multi-step cyber threats in IoT environments.
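The pipeline described above, as an added illustration that is not the paper's code: two earlier-stage detectors each return an alert plus a per-user embedding, the embeddings are concatenated into a context vector, and only users already flagged by an earlier stage are scored for Access Exploitation. The event names, the count-squashing embedding, the fixed predictor weights and the sample telemetry are all constructed assumptions standing in for the trained models; the F1 computation at the end is the same metric the summary reports.

```python
import math
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed sample telemetry (not real data): (user, event_type, count_in_window).
EVENTS = [
    ("alice", "port_scan", 40), ("alice", "service_probe", 12), ("alice", "failed_sudo", 6),
    ("bob", "port_scan", 2),
    ("carol", "port_scan", 25), ("carol", "failed_sudo", 1),
    ("dave", "service_probe", 30), ("dave", "token_theft_attempt", 3),
    ("erin", "failed_sudo", 8),
]

# Constructed ground truth for evaluation: which users actually suffered Access Exploitation.
LABELS = {"alice": True, "bob": False, "carol": True, "dave": True, "erin": False}

# Feature families each stage detector looks at (hypothetical names).
RECON_FEATURES = ("port_scan", "service_probe")
PRIVESC_FEATURES = ("failed_sudo", "token_theft_attempt")


@dataclass
class StageOutput:
    alert: bool
    embedding: List[float]  # context vector handed on to the next stage


def aggregate(events: Iterable[Tuple[str, str, int]]) -> Dict[str, Dict[str, int]]:
    """Sum event counts per user and event type."""
    per_user: Dict[str, Dict[str, int]] = {}
    for user, etype, n in events:
        counts = per_user.setdefault(user, {})
        counts[etype] = counts.get(etype, 0) + n
    return per_user


def stage_detector(counts: Dict[str, int], features, scale: float, threshold: float = 0.5) -> StageOutput:
    """Stand-in for one trained stage model: squash each feature count into [0, 1)
    with 1 - exp(-count/scale) so embeddings are comparable across stages, and
    raise an alert when any component crosses the threshold."""
    emb = [1.0 - math.exp(-counts.get(f, 0) / scale) for f in features]
    return StageOutput(alert=max(emb) >= threshold, embedding=emb)


def access_exploitation_predictor(ctx: List[float]) -> float:
    """Stand-in for the stage-3 predictor: a fixed linear layer plus sigmoid over the
    concatenated recon + privesc embeddings. The weights are assumed, not learned."""
    weights = [2.5, 2.5, 3.0, 3.0]
    bias = -3.0
    z = sum(w * x for w, x in zip(weights, ctx)) + bias
    return 1.0 / (1.0 + math.exp(-z))


def run_pipeline(events) -> Dict[str, dict]:
    """Run both earlier-stage detectors per user, then score only targeted users."""
    results = {}
    for user, counts in aggregate(events).items():
        recon = stage_detector(counts, RECON_FEATURES, scale=20.0)
        privesc = stage_detector(counts, PRIVESC_FEATURES, scale=4.0)
        targeted = recon.alert or privesc.alert
        # Users never flagged by reconnaissance or privilege escalation are not scored.
        risk = access_exploitation_predictor(recon.embedding + privesc.embedding) if targeted else 0.0
        results[user] = {
            "recon_alert": recon.alert,
            "privesc_alert": privesc.alert,
            "risk": risk,
            "predicted_access_exploitation": risk >= 0.5,
        }
    return results


def f1_score(predicted: Dict[str, bool], labels: Dict[str, bool]) -> float:
    """F1 over per-user Access Exploitation predictions versus ground truth."""
    tp = sum(1 for u in labels if predicted.get(u) and labels[u])
    fp = sum(1 for u in labels if predicted.get(u) and not labels[u])
    fn = sum(1 for u in labels if not predicted.get(u) and labels[u])
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0


if __name__ == "__main__":
    out = run_pipeline(EVENTS)
    for user, r in out.items():
        print(user, r)
    preds = {u: r["predicted_access_exploitation"] for u, r in out.items()}
    print("F1 on constructed labels:", f1_score(preds, LABELS))
```

The gating on `targeted` is the design point worth noticing: the stage-3 predictor never sees a user that neither earlier stage flagged, which is why a user with only privilege-escalation noise (erin) or only reconnaissance noise (carol) can be a candidate yet still score below the threshold, while a user with both kinds of context (alice, dave) is predicted as a likely Access Exploitation victim.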
by Hamdi Friji,... at arxiv.org 04-30-2024
https://arxiv.org/pdf/2404.18328.pdf