Cyberattack Prediction Through Public Text Analysis and Mini-Theories

2018 
This paper describes a new approach to detection and tracking of potential cyberattacks from analyzing large quantities of cyber-related webpage text, using ontological knowledge about such attacks combined with composable causal models represented in Probabilistic Soft Logic. The stages of a cyberattack kill chain are viewed as a sequence of both observed and unobserved events (e.g., reconnaissance, weaponize, exploit, install) and explicit mentions of, or related to, such events are examined as potential signals for a future attack. Using a suite of natural language processing techniques, sentences from input news texts are automatically classified according to the described cyberattack event, then enriched with named entity recognition for the rapid detection of key elements that might be associated with potential cyberattacks. We present our work as a framework for rapid and flexible predictive analysis of the ever-increasing amount of cyber-related text data, with initial experiments indicating that event detection using parsing and named entity recognition combined with statistical relational learning shows promise in time-series prediction from news text.