KillChainGraph: ML Framework for Predicting and Mapping ATT&CK Techniques

Singh, Chitraksh, Dhanraj, Monisha, Huang, Ken

arXiv.org Artificial Intelligence 

The escalating complexity and volume of cyber-attacks demand proactive detection strategies that go beyond traditional rule-based systems. This paper presents a phase-aware, multi-model machine learning framework that emulates adversarial behavior across the seven phases of the Cyber Kill Chain using the MITRE ATT&CK Enterprise dataset. Techniques are semantically mapped to phases via ATTACK-BERT, producing seven phase-specific datasets. We evaluate LightGBM, a custom Transformer encoder, fine-tuned BERT, and a Graph Neural Network (GNN), integrating their outputs through a weighted soft voting ensemble. Inter-phase dependencies are modeled using directed graphs to capture attacker movement from reconnaissance to objectives. The ensemble consistently achieved the highest scores, with F1-scores ranging from 97.47% to 99.83%, surpassing GNN performance (97.36% to 99.81%) by 0.03%-0.20%. This graph-driven, ensemble-based approach enables interpretable attack path forecasting and strengthens proactive cyber defense.