A Hybrid Approach Using Graph Neural Networks and LSTM for Attack Vector Reconstruction
Vitulyova Y. Babenko T. Kolesnikova K. Kiktev N. Abramkina O.
August 2025Multidisciplinary Digital Publishing Institute (MDPI)
Computers
2025#14Issue 8
The escalating complexity of cyberattacks necessitates advanced strategies for their detection and mitigation. This study presents a hybrid model that integrates Graph Neural Networks (GNNs) with Long Short-Term Memory (LSTM) networks to reconstruct and predict attack vectors in cybersecurity. GNNs are employed to analyze the structural relationships within the MITRE ATT&CK framework, while LSTM networks are utilized to model the temporal dynamics of attack sequences, effectively capturing the evolution of cyber threats. The combined approach harnesses the complementary strengths of these methods to deliver precise, interpretable, and adaptable solutions for addressing cybersecurity challenges. Experimental evaluation on the CICIDS2017 dataset reveals the model’s strong performance, achieving an Area Under the Curve (AUC) of 0.99 on both balanced and imbalanced test sets, an F1-score of 0.85 for technique prediction, and a Mean Squared Error (MSE) of 0.05 for risk assessment. These findings underscore the model’s capability to accurately reconstruct attack paths and forecast future techniques, offering a promising avenue for strengthening proactive defense mechanisms against evolving cyber threats.
attack vector reconstruction , cybersecurity , graph neural networks , Hybrid AI Models , long short-term memory , machine learning , MITRE ATT&CK , Temporal Prediction
Text of the article Перейти на текст статьи
National Scientific Laboratory for the Collective Use of Information and Space Technologies (NSLC IST), Satbayev University, Satpaev Str., 22a, Almaty, 050013, Kazakhstan
JSC «Institute of Digital Engineering and Technology», Satpaev Str., 22/5, Almaty, 050000, Kazakhstan
Department of Cybersecurity, International IT University, Manas Str., 34/1, Almaty, 050000, Kazakhstan
Department of Information Systems, International IT University, Manas Str., 34/1, Almaty, 050000, Kazakhstan
Department of Automation and Robotic Systems, National University of Life and Environmental Sciences of Ukraine, Heroiv Oborony Str., 15, Kyiv, 03041, Ukraine
Department of Cybersecurity, Almaty University of Power Engineering and Telecommunications Name After Gumarbek Daukeev, Baitursynuly Str., 126, Almaty, 050013, Kazakhstan
National Scientific Laboratory for the Collective Use of Information and Space Technologies (NSLC IST)
JSC «Institute of Digital Engineering and Technology»
Department of Cybersecurity
Department of Information Systems
Department of Automation and Robotic Systems
Department of Cybersecurity
10 лет помогаем публиковать статьи Международный издатель
Книга Публикация научной статьи Волощук 2026 Book Publication of a scientific article 2026