Machine learning based attack pattern prediction and classification based on open network data.

Question:

Is it possible to predict the attackers next move?

How:

Given system logs from continuously attacked systems, including shell history files, and network traffic captures.

Can we (with the support from machine learning and AI) do the following?

– Classify critical events in these logs

– Identify the longest chains of events such that they do not overlap?

– Tag these chains with identifiers?

– Accurately predict the next event, given a set of events,  such that they partially or fully match a chain?

– Find causal relationships between chains?

If we can – can we then accurately predict the next N events from an attacker?

Can we classify this attacker based on the known chains?

This would be done by collecting all types of logs from exposed honeypots,  open to be attacked by anyone on the internet (network connection, shell commands, file system events, etc.).

Use these logs to create a machine learning model for events.