Network Penetration Intrusion Prediction Based on Attention Seq2seq Model

Intrusion detection is a critical component of network security. However, intrusion detection cannot play a very good role in the face of APT and 0 day. It needs to combine intrusion prevention, deception defense, and other technologies to ensure network security. Intrusion prediction is an important part of intrusion prevention and deception defense. Only by predicting the next possible attack can we prevent the corresponding intrusion or cheat adversary more efficiently. However, the current research on intrusion prediction has not received much attention. Most of the existing intrusion prediction research focuses on the prediction of security situation, specific security events, system calls, etc., having limitation in applicability and sequence dependency. In order to supplement this part of research, this paper reports the prediction of network penetration intrusion sequence for the first time. By introducing the ATT&CK framework, this paper builds a dictionary for the penetration intrusion types and builds three different seq2seq models. The experiment runs on the public and generated sequence data based on real APT events and adversary groups resulting that the model can predict future penetration intrusion sequence with an accuracy of up to 0.90.