Context-aware cyber-threat attribution based on hybrid features

Impact factor 4.1 | CAS Tier 3, Computer Science | JCR Q1, Computer Science, Information Systems | ICT Express | Published: 2024-06-01 | DOI: 10.1016/j.icte.2024.04.005
Ehtsham Irshad, Abdul Basit Siddiqui
ICT Express, vol. 10, no. 3, pp. 553-569 (journal article). Full text: https://www.sciencedirect.com/science/article/pii/S2405959524000420
Citations: 0

Abstract

With rapid technological development, identifying the attackers behind cyber-attacks is becoming more complex. The current cyber-threat attribution process relies on features such as tactics, techniques and procedures (TTPs), tools, target country/company and target application. These features do not capture the attacker's context and motives, so more refined traits are needed. Adding behavioral features to the process is essential to better understand the attacker's context, motivations and goals. This study accentuates the impact of combining behavioral features with the existing technical features in determining the actual actor. The behavioral features are extracted from the Threat Actor Encyclopedia, a dataset published by ThaiCERT, and the study also analyzes the impact of the resulting hybrid (technical and behavioral) features; the best features are chosen with feature-selection techniques. With this augmentation, we achieve results of 97%, 98.8%, 97% and 97.2% in accuracy, precision, recall and F1-measure using machine/deep learning algorithms.
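The effect the abstract describes, shown in a small constructed example added here (this is not the paper's code, dataset or model). Two invented actors share every technical trait (TTPs, tools, target country) and differ only in behavioral context (motivation, target sector); a mean-Jaccard similarity over the selected feature families stands in for the paper's feature selection and ML/DL classifiers. The actor names, the incidents and the assignment of ATT&CK technique IDs to the actors are all fictional, and the accuracy / macro precision / recall / F1 computation is the standard one, not a reproduction of the paper's figures.

```python
"""Toy illustration of technical-only vs hybrid (technical + behavioral)
threat-actor attribution, with accuracy / macro precision / recall / F1.

Constructed example: the actor profiles, incidents and the Jaccard scoring are
invented for illustration and are NOT the paper's dataset, features or models.
The ATT&CK technique IDs are real identifiers; their assignment to the invented
actors is fictional.
"""
from typing import Dict, List, Set, Tuple

Profile = Dict[str, Set[str]]

# Technical feature families (what current attribution already uses, per the abstract)
TECHNICAL = ("ttp", "tools", "country")
# Behavioral/context feature families (what the paper argues should be added)
BEHAVIORAL = ("motivation", "sector")
HYBRID = TECHNICAL + BEHAVIORAL

# Constructed "encyclopedia" of known actors. A and B deliberately share every
# technical trait and differ only in behavioral context.
KNOWN_ACTORS: Dict[str, Profile] = {
    "ACTOR-A": {"ttp": {"T1566", "T1059", "T1071"}, "tools": {"cobaltstrike", "mimikatz"},
                "country": {"US"}, "motivation": {"espionage"}, "sector": {"government"}},
    "ACTOR-B": {"ttp": {"T1566", "T1059", "T1071"}, "tools": {"cobaltstrike", "mimikatz"},
                "country": {"US"}, "motivation": {"financial"}, "sector": {"finance"}},
    "ACTOR-C": {"ttp": {"T1190", "T1486"}, "tools": {"rclone"},
                "country": {"DE"}, "motivation": {"financial"}, "sector": {"healthcare"}},
}

# Constructed labelled incidents: (true actor, features observed in the intrusion).
INCIDENTS: List[Tuple[str, Profile]] = [
    ("ACTOR-A", {"ttp": {"T1566", "T1059"}, "tools": {"cobaltstrike"}, "country": {"US"},
                 "motivation": {"espionage"}, "sector": {"government"}}),
    ("ACTOR-B", {"ttp": {"T1566", "T1071"}, "tools": {"mimikatz"}, "country": {"US"},
                 "motivation": {"financial"}, "sector": {"finance"}}),
    ("ACTOR-C", {"ttp": {"T1190"}, "tools": {"rclone"}, "country": {"DE"},
                 "motivation": {"financial"}, "sector": {"healthcare"}}),
    ("ACTOR-B", {"ttp": {"T1059"}, "tools": {"cobaltstrike", "mimikatz"}, "country": {"US"},
                 "motivation": {"financial"}, "sector": {"finance"}}),
]


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Set overlap in [0, 1]; two empty sets count as a full match."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def similarity(observed: Profile, actor: Profile, families: Tuple[str, ...]) -> float:
    """Mean Jaccard over the selected feature families (the 'feature selection' knob)."""
    return sum(jaccard(observed.get(f, set()), actor.get(f, set())) for f in families) / len(families)


def attribute(observed: Profile, families: Tuple[str, ...]) -> Tuple[str, float, bool]:
    """Return (best actor, score, ambiguous). ambiguous=True when the top score is
    shared by more than one actor; the alphabetically first actor is then returned,
    which is exactly the coin-flip a technical-only attribution hides."""
    scored = sorted(((similarity(observed, p, families), name) for name, p in KNOWN_ACTORS.items()),
                    key=lambda t: (-t[0], t[1]))
    best_score, best = scored[0]
    ambiguous = len(scored) > 1 and abs(scored[1][0] - best_score) < 1e-12
    return best, best_score, ambiguous


def evaluate(incidents: List[Tuple[str, Profile]], families: Tuple[str, ...]) -> Dict[str, float]:
    """Accuracy plus macro-averaged precision, recall and F1 over the actor classes,
    and the number of incidents whose top score was tied between actors."""
    preds = [(truth, attribute(obs, families)) for truth, obs in incidents]
    classes = sorted(KNOWN_ACTORS)
    precs, recs, f1s = [], [], []
    for c in classes:
        tp = sum(1 for t, (p, _, _) in preds if t == c and p == c)
        fp = sum(1 for t, (p, _, _) in preds if t != c and p == c)
        fn = sum(1 for t, (p, _, _) in preds if t == c and p != c)
        prec = tp / (tp + fp) if tp + fp else 0.0   # 0 when the class is never predicted
        rec = tp / (tp + fn) if tp + fn else 0.0
        precs.append(prec)
        recs.append(rec)
        f1s.append(2 * prec * rec / (prec + rec) if prec + rec else 0.0)
    n = len(classes)
    return {
        "accuracy": sum(1 for t, (p, _, _) in preds if t == p) / len(preds),
        "precision": sum(precs) / n,
        "recall": sum(recs) / n,
        "f1": sum(f1s) / n,
        "ambiguous": sum(1 for _, (_, _, amb) in preds if amb),
    }


if __name__ == "__main__":
    for label, fam in (("technical only", TECHNICAL), ("hybrid", HYBRID)):
        print(label, evaluate(INCIDENTS, fam))
```

With the technical families alone, three of the four constructed incidents tie between ACTOR-A and ACTOR-B and the deterministic tie-break attributes all of them to ACTOR-A, giving 50% accuracy and a macro F1 of 0.5; adding the two behavioral families resolves every tie and all four incidents are attributed correctly. The caveat for a real pipeline is that behavioral labels such as motivation and sector come from analyst-curated encyclopedia text, so they are only as reliable as that curation, and a classifier can latch onto them as shortcuts when the technical evidence is thin.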

Source journal: ICT Express
CiteScore: 10.20
Self-citation rate: 1.90%
Articles per year: 167
Review time: 35 weeks
Journal description: The ICT Express journal published by the Korean Institute of Communications and Information Sciences (KICS) is an international, peer-reviewed research publication covering all aspects of information and communication technology. The journal aims to publish research that helps advance the theoretical and practical understanding of ICT convergence, platform technologies, communication networks, and device technologies. The technology advancement in the information and communication technology (ICT) sector enables portable devices to be always connected while supporting high data rates, resulting in the recent popularity of smartphones, which have a considerable impact on economic and social development.