MODEL FOR PREDICTING STRUCTURAL CHANGES IN THE SPACE OF POSSIBLE IMPLEMENTATIONS OF CYBERATTACK TECHNIQUES BASED ON TOPOLOGICAL CONSTRAINTS OF THEIR EVOLUTION USING TEMPORAL GRAPH NEURAL NETWORKS

Authors

DOI:

https://doi.org/10.28925/2663-4023.2026.32.1201

Keywords:

cyber resilience; information and communication systems; forecasting; cyberattack techniques; neural networks; temporal graph neural networks; topological data analysis; patterns.

Abstract

To increase the cyber resilience of information and communication systems (ICS), this work addresses the scientific task of predicting structural changes in cyberattack techniques in the space of their possible implementations, using the MITRE ATT&CK taxonomy as an example. The task is relevant because of the objective limitations of existing approaches to hunting for new ways of implementing cyberthreats (preventing cyberattacks before they are carried out), in particular those based on machine learning. The existing types of artificial neural networks used to predict cyberattacks (cyberattack techniques), such as recurrent, transformer, convolutional, graph and temporal graph networks and autoencoders, take into account various aspects of the data structure (feature space, temporal dependencies, global context, graph structure, latent representations, data distribution). However, because they approximate the function of interdependence between data, they reveal only a statistical structure, which does not allow stable structural evolutionary patterns to be fully taken into account. To address this, a model for predicting structural changes in cyberattack techniques in the space of possible implementations, based on topological constraints on their evolution and using temporal graph neural networks, has been developed. The essence of the proposed model is to adjust the predictions of a temporal graph network using topological analysis of versions of cyberattack techniques: their structural compatibility is determined through joint participation in connected components and cyclic structures that reflect stable topological characteristics of their evolution. The approach is worthwhile because identifying potential vectors of cyberattack transformation in the space of their possible implementations makes it possible to increase the cyber resilience of the ICS to future classes of cyberattacks.
An evaluation of the proposed model shows a 15% increase in prediction accuracy and an 8% increase in F1-measure while maintaining a completeness (recall) level of 70%, indicating a significant reduction in the number of false positives.
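The adjustment step described in the abstract can be sketched as follows. This is an added example, not the authors' model or code: the raw scores stand in for temporal graph network output, the weights and threshold are assumed, and the topological analysis is reduced to connected components and bridge-free cycle membership on a simple static graph.

```python
# Added illustration; the weights, threshold and sample graph are assumptions.

def components(nodes, edges):
    """Union-find: map every node to the root of its connected component."""
    parent = {n: n for n in nodes}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for u, v in edges:
        parent[find(u)] = find(v)
    return {n: find(n) for n in nodes}


def cyclic_groups(nodes, edges):
    """Group nodes joined by non-bridge edges, i.e. nodes sharing a cyclic structure."""
    non_bridges = []
    for e in edges:
        rest = [x for x in edges if x != e]
        comp = components(nodes, rest)
        if comp[e[0]] == comp[e[1]]:  # endpoints still connected: e lies on a cycle
            non_bridges.append(e)
    return components(nodes, non_bridges)


def adjust(scores, nodes, edges, w_cycle=1.0, w_comp=0.6, w_none=0.2):
    """Scale each raw link score by the structural compatibility of its endpoints."""
    comp, cyc = components(nodes, edges), cyclic_groups(nodes, edges)
    out = {}
    for (u, v), s in scores.items():
        if cyc[u] == cyc[v]:
            w = w_cycle
        elif comp[u] == comp[v]:
            w = w_comp
        else:
            w = w_none
        out[(u, v)] = round(s * w, 4)
    return out


def accepted(scores, threshold=0.5):
    """Candidate links whose score reaches the decision threshold."""
    return sorted(pair for pair, s in scores.items() if s >= threshold)


# Constructed sample: technique versions a..g, observed evolution links between them.
NODES = list("abcdefg")
EDGES = [("a", "b"), ("b", "c"), ("c", "d"), ("d", "a"), ("d", "e"), ("f", "g")]
RAW = {("a", "c"): 0.62, ("a", "e"): 0.70, ("e", "f"): 0.80}  # stand-in for TGN output
ADJUSTED = adjust(RAW, NODES, EDGES)
```

On this constructed input the raw scores accept all three candidate links, while the adjusted scores keep only the pair that shares a cycle, which is the false-positive reduction the abstract attributes to the topological constraint.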

Published

2026-03-26

How to Cite

Fesokha, V., & Subach, I. (2026). MODEL FOR PREDICTING STRUCTURAL CHANGES IN THE SPACE OF POSSIBLE IMPLEMENTATIONS OF CYBERATTACK TECHNIQUES BASED ON TOPOLOGICAL CONSTRAINTS OF THEIR EVOLUTION USING TEMPORAL GRAPH NEURAL NETWORKS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 4(32), 974–986. https://doi.org/10.28925/2663-4023.2026.32.1201
