A Logic Programming Approach to Predict Enterprise-Targeted Cyberattacks

Mohammed Almukaynizi, Ericsson Marin, Malay Shah, Eric Nunes, Gerardo I. Simari, Paulo Shakarian

Research output: Chapter in Book/Report/Conference proceedingChapter

3 Scopus citations


Although cybersecurity research has demonstrated that many of the recent cyberattacks targeting real-world organizations could have been avoided, proactively identifying and systematically understanding when and why those events are likely to occur is still challenging. It has earlier been shown that monitoring malicious hacker discussions about software vulnerabilities in the Dark web and Deep web platforms (D2web) is indicative of future cyberattack incidents. Based on this finding, a system generating warnings of cyberattack incidents was previously developed. However, key limitations to this approach are (1) the strong reliance on explicit software vulnerability mentions from malicious hackers, and (2) the inability to adapt to the ephemeral, constantly changing nature of D2web sites. In this chapter, we address those limitations by leveraging indicators that capture aggregate discussion trends identified from the context of hacker discussions across multiple hacker community websites. Our approach is evaluated on real-world, enterprise-targeted attack events of malicious emails. Compared to a baseline statistical prediction model, our approach provides better precision-recall tradeoff. In addition, it produces actionable, transparent predictions that provide details about the observed hacker activity and reasoning led to certain decision. Moreover, when the predictions of our approach are fused with the predictions of the statistical prediction model, recall can be improved by over 14% while maintaining precision.

Original languageEnglish (US)
Title of host publicationIntelligent Systems Reference Library
Number of pages20
StatePublished - 2020

Publication series

NameIntelligent Systems Reference Library
ISSN (Print)1868-4394
ISSN (Electronic)1868-4408

ASJC Scopus subject areas

  • Computer Science(all)
  • Information Systems and Management
  • Library and Information Sciences


Dive into the research topics of 'A Logic Programming Approach to Predict Enterprise-Targeted Cyberattacks'. Together they form a unique fingerprint.

Cite this