Cyber threat prediction using dynamic heterogeneous graph learning

Authors:

Highlights:

Abstract

Predicting cyber threats is crucial for uncovering underlying security risks and proactively preventing malicious attacks. However, predicting cyber threats and demystifying the evolutionary patterns are challenging due to the heterogeneity and dynamics of cyber threats. In this paper, we propose CTP-DHGL, a novel Cyber Threat Prediction model based on Dynamic Heterogeneous Graph Learning, to predict the potential cyber threats by investigating public security-related data (e.g., CVE details, ExploitDB). Particularly, we first characterize the interactive relationships among different types of cyber threat objects with a heterogeneous graph. We then formalize cyber threat prediction as a dynamic link prediction task on the heterogeneous graph and propose an end-to-end dynamic heterogeneous graph embedding method to learn the dynamic evolutionary patterns of the graph. As a result, CTP-DHGL can infer potential link relationships based on the evolving graph embedding sequences learned from previous snapshots to infer stealthy cyber threats. The experimental results on real-world datasets verify that CTP-DHGL outperforms the baseline models in learning the evolutionary patterns of cyber threats and predicting potential cyber risks.

Keywords: Cyber threat prediction, Heterogeneous graph, Dynamic graph embedding, Link prediction

Review history: Received 31 January 2021, Revised 7 October 2021, Accepted 25 December 2021, Available online 6 January 2022, Version of Record 14 January 2022.

Official paper URL: https://doi.org/10.1016/j.knosys.2021.108086