From product recommendation to cyber-attack prediction: generating attack graphs and predicting future attacks

Modern information society depends on reliable functionality of information systems infrastructure, while at the same time the number of cyber-attacks has been increasing over the years and damages have been caused. Furthermore, graphs can be used to show paths than can be exploited by attackers to intrude into systems and gain unauthorized access through vulnerability exploitation. This paper presents a method that builds attack graphs using data supplied from the maritime supply chain infrastructure. The method delivers all possible paths that can be exploited to gain access. Then, a recommendation system is utilized to make predictions about future attack steps within the network. We show that recommender systems can be used in cyber defense by predicting attacks. The goal of this paper is to identify attack paths and show how a recommendation method can be used to classify future cyber-attacks in terms of risk management. The proposed method has been experimentally evaluated and validated, with the results showing that it is both practical and effective.

• Publication year

  2018

• Venue

  Evolutionary Systematics

• Publication date

  2018-04-26

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1007/s12530-018-9234-zarXiv 1804.10276
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Cyber-attack path discovery in a dynamic supply chain maritime risk management system

  2018cited by this paper
• Recommender Systems Meeting Security: From Product Recommendation to Cyber-Attack Prediction

  2017cited by this paper
• A dynamic multi-level collaborative filtering method for improved recommendations

  2017cited by this paper
• Trinity: Walking on a User-Object-Tag Heterogeneous Network for Personalised Recommendations

  2016cited by this paper
• K maximum probability attack paths dynamic generation algorithm

  2016cited by this paper
• Risk assessment and attack graph generation for collaborative infrastructures: a survey

  2016cited by this paper
• COUSIN: A network-based regression model for personalized recommendations

  2016cited by this paper
• TasteMiner: Mining partial tastes for neighbor-based collaborative filtering

  2016cited by this paper
• Security Optimization of Dynamic Networks with Probabilistic Graph Modeling and Linear Programming

  2016cited by this paper
• A multi-level collaborative filtering method that improves recommendations

  2016cited by this paper
• Distributed Attack Graph Generation

  2016influential reference
• Recommender system application developments: A survey

  2015cited by this paper
• Collaborative Filtering with Entropy‐Driven User Similarity in Recommender Systems

  2015cited by this paper
• Correcting noisy ratings in collaborative recommender systems

  2015cited by this paper
• HU-FCF: A hybrid user-based fuzzy collaborative filtering method in Recommender Systems

  2014cited by this paper
• A new user similarity model to improve the accuracy of collaborative filtering

  2014cited by this paper
• A Graph Data Model for Attack Graph Generation and Analysis

  2014cited by this paper
• Overview on attack graph generation and visualization technology

  2013cited by this paper
• Recommender Systems: The Importance of Personalization in E-Business Environments

  2013cited by this paper
• Improving accuracy and diversity of personalized recommendation through power law adjustments of user similarities

  2013influential reference
• Improving collaborative filtering-based recommender systems results using Pareto dominance

  2013cited by this paper
• A collaborative filtering similarity measure based on singularities

  2012cited by this paper
• Dynamic Security Risk Management Using Bayesian Attack Graphs

  2012cited by this paper
• An exploration of improving collaborative recommender systems via user-item subgroups

  2012cited by this paper
• Attack Graph Techniques

  2012influential reference
• Quantitative Security Risk Assessment of Enterprise Networks

  2011influential reference
• Utilizing various sparsity measures for enhancing accuracy of collaborative recommender systems based on local and global similarities

  2011cited by this paper
• A planner-based approach to generate and analyze minimal attack graph

  2010cited by this paper
• A Probability-Based Approach to Attack Graphs Generation

  2009cited by this paper
• Modeling Modern Network Attacks and Countermeasures Using Attack Graphs

  2009cited by this paper
• A Survey of Collaborative Filtering Techniques

  2009influential reference
• Next Generation End-To-End Logistics Decision Support Tools. Evolutionary Logistics Planning

  2007cited by this paper
• Practical Attack Graph Generation for Network Defense

  2006cited by this paper
• A scalable approach to attack graph generation

  2006cited by this paper
• Topological analysis of network attack vulnerability

  2006influential reference
• A host-based approach to network attack chaining analysis

  2005cited by this paper
• MulVAL: A Logic-based Network Security Analyzer

  2005cited by this paper
• Learning attack strategies from intrusion alerts

  2003cited by this paper
• Automated generation and analysis of attack graphs

  2002cited by this paper
• Scalable, graph-based network vulnerability analysis

  2002cited by this paper
• Content-boosted collaborative filtering for improved recommendations

  2002cited by this paper
• NetSPA : a Network Security Planning Architecture

  2002cited by this paper
• A requires/provides model for computer attacks

  2001cited by this paper
• Using model checking to analyze network vulnerabilities

  2000cited by this paper
• A graph-based system for network-vulnerability analysis

  1998cited by this paper

• A taxonomy of graph-based risk, vulnerability, and attack assessment methods in IoT systems

  2026cites this paper
• A self-evolution cyber attack scheme generation system for cybersecurity evaluation

  2026cites this paper
• Experimenting with Neurosymbolic Artificial Intelligence for Defending Against Cyber Attacks

  2025cites this paper
• Predictive analytics for cyber-attack timing in power Internet of Things: A FlipIt game-theoretic approach

  2025cites this paper
• Towards Architectural Pen Test Case Generation and Attack Surface Analysis to Support Secure Design

  2025cites this paper
• DeepOP: A Hybrid Framework for MITRE ATT&CK Sequence Prediction via Deep Learning and Ontology

  2025cites this paper
• Enhancing the security of reconfigurable cyber-physical supply chains: reconstructing vulnerable attack paths using AND/OR/QUORUM graphs

  2025cites this paper
• Defining the attractiveness concept for cyber incidents forecasting

  2025cites this paper
• Sharing Is Caring: Hurdles and Prospects of Open, Crowd-Sourced Cyber Threat Intelligence

  2024cites this paper
• Modeling Analyst Intentions Using a Markov Chain for Investigative Action Recommendations

  2024cites this paper
• Dangerous attack paths analysis for power networks based on adaptive limited depth search and improved Z-score pruning

  2024cites this paper
• Number of Cyber Attacks Predicted With Deep Learning Based LSTM Model

  2024cites this paper
• A risk-aware and recommender distributed intrusion detection system for home robots

  2024cites this paper
• GENICS: A Framework for Generating Attack Scenarios for Cybersecurity Exercises on Industrial Control Systems

  2024cites this paper
• Modeling and management of cyber risk: a cross-disciplinary review

  2024cites this paper
• LiteATNet: Predicting APT Attack Using Transformer Model With MITRE ATT&CK Framework

  2024cites this paper
• Artificial intelligence for cybersecurity: Literature review and future research directions

  2023cites this paper
• Attack Hypotheses Generation Based on Threat Intelligence Knowledge Graph

  2023cites this paper
• Survey of Technology in Network Security Situation Awareness

  2023cites this paper
• Forecasting Cyber-Attacks to Destination Ports Using Machine Learning

  2023cites this paper
• The Importance of Conceptualising the Human-Centric Approach in Maintaining and Promoting Cybersecurity-Hygiene in Healthcare 4.0

  2023cites this paper
• A Network Intrusion Detection Method Incorporating Bayesian Attack Graph and Incremental Learning Part

  2023cites this paper
• A Causal Graph-Based Approach for APT Predictive Analytics

  2023cites this paper
• Automatic Derivation of Vulnerability Models for Software Architectures

  2023cites this paper
• DQfD-AIPT: An Intelligent Penetration Testing Framework Incorporating Expert Demonstration Data

  2023cites this paper
• Network Security Situation Prediction Based on Optimized Clock-Cycle Recurrent Neural Network for Sensor-Enabled Networks

  2023cites this paper
• Recommender Systems in Cybersecurity

  2023cites this paper
• MAGD: Minimal Attack Graph Generation Dynamically in Cyber Security

  2023cites this paper
• Architecture-Based Attack Path Analysis for Identifying Potential Security Incidents

  2023influential citation
• Forecasting Intrusion in Critical Power Systems Infrastructure Using Advanced Autoregressive Moving Average (AARMA) Based Intrusion Detection for Efficacious Alert System

  2023cites this paper
• Lightweight Impact Assessment and Projection of Lateral Movement and Malware Infection

  2023influential citation
• The Attacker Might Also Do Next: ATT&CK Behavior Forecasting by Attacker-based Collaborative Filtering and Graph Databases

  2023cites this paper
• Architectural Generation of Context-based Attack Paths

  2022cites this paper
• Military Information Leak Response Technology through OSINT Information Analysis Using SNSes

  2022cites this paper
• ATT&CK Behavior Forecasting based on Collaborative Filtering and Graph Databases

  2022cites this paper
• SoK: Applications and Challenges of using Recommender Systems in Cybersecurity Incident Handling and Response

  2022cites this paper
• GTM: Game Theoretic Methodology for optimal cybersecurity defending strategies and investments

  2022cites this paper
• ProAPT: Projection of APT Threats with Deep Reinforcement Learning

  2022cites this paper
• Developments and research directions in maritime cybersecurity: A systematic literature review and bibliometric analysis

  2022cites this paper
• An Attack Simulation and Evidence Chains Generation Model for Critical Information Infrastructures

  2022influential citation
• REVS: A Vulnerability Ranking Tool for Enterprise Security

  2022cites this paper
• Architectural Attack Propagation Analysis for Identifying Confidentiality Issues

  2022cites this paper
• Super-forecasting the ‘technological singularity’ risks from artificial intelligence

  2022cites this paper
• Information sharing in supply chains - Interoperability in an era of circular economy

  2022cites this paper
• Attack Prediction to Enhance Attack Path Discovery Using Improved Attack Graph

  2022cites this paper
• A Systematic Review of Recommender Systems and Their Applications in Cybersecurity

  2021influential citation
• Description of a Network Attack Ontology Presented Formally

  2021cites this paper
• A review of threat modelling approaches for APT-style attacks

  2021cites this paper
• Cybersecurity in logistics and supply chain management: An overview and future research directions

  2021cites this paper
• Analysis of hidden Markov model learning algorithms for the detection and prediction of multi-stage network attacks

  2020cites this paper
• Perspective in Supply Chain Risk Management

  2020cites this paper
• Challenges and Issues in Risk Assessment in Modern Maritime Systems

  2020cites this paper
• Learning Hidden Markov Models for Linear Gaussian Systems with Applications to Event-based State Estimation

  2020cites this paper
• An Attack Path Generation Methods Based on Graph Database

  2020cites this paper
• FastEmbed: Predicting vulnerability exploitation possibility based on ensemble machine learning algorithm

  2020influential citation
• Attack Hypothesis Generation

  2019cites this paper
• Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

  2019cites this paper
• Exploring Cyber-Security Issues in Vessel Traffic Services

  2018cites this paper
• A Review on Network Attack Graph Technology

  2018cites this paper
• A Novel Risk Assessment Methodology for SCADA Maritime Logistics Environments

  2018influential citation
• Research progress on security technology of networked vessel autonomous navigation system

  year unknowncites this paper
• MIMIR: Modelling user Intentions with Markov chains for Intention Recommendations

  year unknowncites this paper