A Novel Enhanced Naïve Bayes Posterior Probability (ENBPP) Using Machine Learning: Cyber Threat Analysis

摘要

Machine learning techniques, that are based on semantic analysis of behavioural attack patterns, have not been successfully implemented in cyber threat intelligence. This is because of the error prone and time-consuming manual process of deep learning solutions, which is commonly used for searching correlated cyber-attack tactics, techniques and procedures in cyber-attacks prediction techniques. The aim of this paper is to improve the prediction accuracy and the processing time of cyber-attacks prediction mechanisms by proposing enhanced Naïve Bayes posterior probability (ENBPP) algorithm. The proposed algorithm combines two functions; a modified version of Naïve Bayes posterior probability function and a modified risk assessment function. Combining these two functions will enhance the threat prediction accuracy and decrease the processing time. Five different datasets were used to obtain the results. Five different datasets containing 328,814 threat samples were used to obtain the processing time and the prediction accuracy results for the proposed solution. Results show that the proposed solution gives better prediction accuracy and processing time when different examination types and different scenarios are taken into consideration. The proposed solution provides a significant prediction accuracy improvement in threat analysis from 92–96% and decreases the average processing time from 0.043 to 0.028 s compared with the other method. The proposed solution successfully enhances the overall prediction accuracy and improves the processing time by solving the TTPs dependency and the prediction sets threshold problems. Thus, the proposed algorithm reaches a more reliable threat prediction solution.