Cyberattacks on enterprise networks have moved into an era where both attackers and security analysts utilize complex strategies to confuse and mislead one another. Critical attacks often take multitudes of (technical and non-technical) reconnaissance, exploitations, and obfuscation techniques to achieve the goal of cyber espionage and/or sabotage. The discovery and detection of new exploits, though needing continuous efforts, is no longer sufficient. Forecasting or predicting cyberattacks before they happen with high fidelity and sufficient lead time will offer tremendous value to cyber defense. There have been some, but limited works in the area of forecasting cyberattacks through the use of conventional, (e.g., intrusion detection system and firewall logs), and/or unconventional data, (e.g., Twitter, Open Threat Exchange (OTX), and dark web transactions). This set of works leverage advances in machine learning, data analytics, simulation, threat modeling, sentiment analysis, etc.
- Is forecasting cyberattacks a possibility?
- Will it ever become a reality? Or it is just a unrealizable dream?
This panel aims at integrating researchers and program managers in a variety of disciplines from academia, industry and government to share their thoughts on the possibility of preemptively predicting cyberattacks.