Abstract
Information about cyber-attack planning has been increasingly shared by malicious hackers online, making what was once a hard-to-penetrate market accessible to a wider population. Although this trend helps to produce a huge amount of malware, it also provides intelligence for defenders, since the shared information can be leveraged as a precursor of cyber-attacks. In this work, we apply Annotated Probabilistic Temporal (APT) logic to the cybersecurity domain to accomplish two tasks: 1) induce APT rules that correlate malicious hacking activity with enterprise attacks to predict imminent cyber incidents; 2) leverage a deductive approach that combines attack predictions for more accurate security warnings. Results demonstrate considerable prediction gains in F1 score (up to 150.24%) compared to the baseline when the pre-conditions of APT rules include socio-personal indicators of the hackers behind cyber incidents, and when the predictions made for a given day are combined using deduction (up to 182.38%). These findings highlight how AI tools can empower proactive cyber defense.