Designing an Improved Cyberattack Prediction Model Using Context-Aware Behavioral Modeling Analysis
Received: 28 April 2025 | Revised: 14 June 2025 | Accepted: 21 June 2025 | Online: 6 October 2025
Corresponding author: Geeta Patil
Abstract
The increasing sophistication and coordination of cyberattacks require proactive defense mechanisms that can predict malicious activity before it happens. Conventional intrusion detection and anomaly detection systems rely primarily on signature-based or shallow anomaly detection methods, which are poorly suited to detecting temporally evolving stealthy threats and zero-day attacks. These limitations highlight the need for a holistic, context-aware framework that can not only catch threats much earlier but also attribute their underlying causes with high fidelity. To address these challenges, the authors propose Integrated Neural Cyberattack Prediction and Threat Attribution using Contextual Deep Learning (INCEPT), a modular, multi-pronged deep-learning framework designed to predict cyberattacks in detail from raw network traffic data. INCEPT integrates five novel models. Context-Aware Spatio-Temporal Graph Neural Network (CA-STGNN) learns complex entity interactions across time and space, significantly improving the detection of coordinated attacks. Behavior-based Latent Intent Modeling (BLIM) using Contrastive Predictive Coding (CPC) focuses primarily on deviations of intent for early-stage detection, especially in scenarios involving stealthy malware. Hierarchical Attention Transformer guided by Threat Taxonomy Embeddings (HAT-TTE) enables interpretable, multi-stage classification aligned with the MITRE ATT&CK framework. Federated Ensemble framework for Zero-Day Attack Detection (FedEn-ZAD) enhances generalization and robustness across distributed domains with uncertainty quantification. Multi-Resolution Autoencoder with Causal Attribution (MRA-CAA) identifies root causes of detected anomalies across granular traffic layers. Together, these modules demonstrate up to 20% improvement in detection accuracy, 30-35% reduction in incident response time, and notable gains in analyst interpretability and trust.
The result is an architecture that offers a scalable and interpretable anticipatory solution to modern cyber defense tasks.
Keywords:
cyberattack detection, deep learning, spatio-temporal graphs, behavioral modeling, threat attribution
License
Copyright (c) 2025 Geeta Patil, Ashwini Sapkal, Vaishali Sachin Ingale

This work is licensed under a Creative Commons Attribution 4.0 International License.