A method of detecting and predicting attack vectors based on genetic programming

Abstract: This Master's thesis presents a novel approach for detecting and predicting attack vectors based on genetic programming. The proposed method utilizes a genetic algorithm to evolve a set of rules that predict attack vectors over the system based on caught indicators of compromise. The generated rules are then used to identify potential attack vectors and predict how it started and how it will develop in future. The research aims to improve the accuracy and efficiency of existing methods for attack detection and prediction. The proposed approach is evaluated using real-world attack data and compared against several state-of-the-art techniques. Results indicate that the proposed method outperforms existing approaches in terms of detection accuracy and prediction capability. This research has important implications for the field of cybersecurity and can assist organizations in developing more effective and proactive defense strategies against cyberattacks. Background. Cybersecurity is an increasingly critical issue in today's digital age. Cyberattacks are becoming more sophisticated, making it challenging for traditional defense mechanisms to detect and prevent them. Therefore, it is crucial to develop new and innovative methods for identifying and predicting potential attack vectors. In this context, this Master's thesis presents a novel approach to detecting and predicting attack vectors based on genetic programming. The proposed method aims to improve the accuracy and efficiency of existing approaches to cyberattack detection and prediction. Objectives.This Master’s thesis aims to reach the following objectives: 1. To identify the limitations of existing approaches to cyberattack detection and prevention and propose a novel method based on genetic programming. 2. To develop a genetic programming-based algorithm to evolve a model for attack-vectors prediction. 3. To evaluate the effectiveness of the proposed approach using real-world attack data Methods. The methods used in this Master's thesis combine literature review, data collection, algorithm development, experimentation, data analysis, and recommendations to improving approach to detecting and predicting attack vectors using genetic programming. The research aims to contribute to the field of cybersecurity by advancing our understanding of cyberattack detection and prevention. Results. The proposed method has the potential to enhance the accuracy and efficiency of cyberattack detection and prediction, which can help organizations prevent or mitigate the impact of cyberattacks. Future improvements can include more complex MITRE ATT&CK datasets, including Mobile and ICS matrices. Conclusions. The genetic programming-based algorithm developed in this thesis was shown to be effective in detecting and predicting attack vectors using real-world attack data. The proposed approach has the potential to improve organizations' cybersecurity posture by providing a proactive defense strategy against cyberattacks.