The global surge of cyber-attacks in the form of sequential network attacks has propelled the
need for robust intrusion detection and prediction systems. Such attacks are difcult to reveal using current
intrusion detection systems, since each individual attack phase may appear benign when examined outside
of its context. In addition, there are challenges in building supervised learning models for such attacks, since
there are limited labelled datasets available. Hence, there is a need for updating already built models to
specific operational environments and for addressing the concept drift. A hidden Markov model (HMM)
is a popular framework for sequential modelling, however, in addition to the above challenges, the model
parameters are difcult to optimise. This paper proposes a transfer learning (TL) approach that exploits
already learned knowledge, gained from a labelled source dataset, and adapts it on a different, unlabelled
target dataset. The datasets may be from a different but related domain. Five unsupervised HMM techniques
are developed utilising a TL approach and evaluated against conventional machine learning approaches.
Baum-Welch (BW), Viterbi training, gradient descent, differential evolution (DE) and simulated annealing,
are deployed for the detection of attack stages in the network trafc, as well as, forecasting both the next
most probable attack stage and its method of manifestation. Specifically, for the prediction of the three next
most likely states and observations, TL with DE achieved a maximum accuracy improvement of 48.3%,
and 27.4%, respectively. Finally, the actual detection prediction for the three next most probable states and
methods of manifestation reaches 78.9% and 96.3% using TL with BW and DE, respectively.