Using Deep Generative Models to Boost Forecasting: A Phishing Prediction Case Study

Abstract

Time series predictions are important for various application domains. However, effective forecasting can be challenging in noisy contexts devoid of time series data encompassing stationarity, cyclicality, completeness, and non-sparseness. Cyber-security is a good example of such context. In organizational security settings, predicting time series related to emerging attacks could enhance cyber threat intelligence, resulting in timely and actionable insights at the operational, tactical, and strategic levels. In order to explore this gap, we propose a deep generative model-based framework for time series forecasting in noisy data environments. The proposed framework incorporates a novel ensembling strategy where generative adversarial networks and recurrent variational autoencoders are leveraged in unison with base predictors for enhanced regularization of time series predictive models. The framework is extensible, supporting different model combinations and analytical or iterative model fusion strategies. Using a test bed encompassing 10 years of weekly phishing attack volume data from 5 organizations in the technology, financial services, and social networking sectors, we show that the framework can boost predictive power for various standard time series models. Additional results reveal that the framework outperforms generative data augmentation approaches designed to enrich the input time series data matrices. Collectively, our findings suggest that utilizing generative models in more robust end-to-end setup can improve prediction in cyber threat intelligence contexts, as well as related problems involving challenging time series data.