A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise

Noor, Umara; Anwar, Zahid; Amjad, Tehmina; Choo, Kim‐Kwang Raymond

doi:10.1016/j.future.2019.02.013

Cited by 122 publications

(81 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In the fintech domain, Noor et al [21] used Indicator of Compromise (IoC) as input, the feed which produces by cyberthreat intelligence teams, and Natural Language Processing Based on deep neural network engine to attribute a FinTech attack to its actor. They obtained over 98% accuracy to attribute an attack which had IoCs to its actor.…”

Section: Related Workmentioning

confidence: 99%

MVFCC: A Multi-View Fuzzy Consensus Clustering Model for Malware Threat Attribution

et al. 2020

View full text Add to dashboard Cite

The rise of emerging cyberthreats has led to a shift of focus on identifying the source of threat instead of the type of attack to provide a more effective defense to compromised environments against malicious acts. The most complex type of cyberthreat is the Advanced Persistent Threat (APT) attack that is usually backed by one or more states and lunched using a range of clandestine techniques aiming at high-value targets. Finding the source of the attackers and the associated campaign behind the threats can lead to taking an optimum defense decision in a more timely fashion. Threat attribution is an act of attributing an attack to the source of the attack. Threat attribution can not be fully achieved by a single piece of evidence (i.e. single view) from malicious actors as the evidence could get obfuscated by the actor to evade the detection mechanism. In this paper, we propose a multi-view fuzzy consensus clustering model for attributing cyber threat payloads (malware) to its actor. We conduct over 4000 experiments to find out the best combinations of all 12 extracted views for the attribution task. Our experiments use five well-know APT families payloads. To avoid bias in the results, we apply a fuzzy pattern tree and multi-modal fuzzy classifier for our inference engines of all views. To define an optimum distinction among the malicious actor's behavior we implemented the consensus clustering technique. The comparison analysis of a singleview versus multi-view result justifies a significant improvement in the accuracy rate of attribution for all actors. The obtained results from the multi-view aspect of our proposed model give 95.2% accuracy.

show abstract

Section: Related Workmentioning

confidence: 99%

MVFCC: A Multi-View Fuzzy Consensus Clustering Model for Malware Threat Attribution

et al. 2020

View full text Add to dashboard Cite

show abstract

“…[ 70 ] and Noor U. et al. [ 50 , 71 ]confirm that the TTP's of the attacker remains consistent over a period of time. This allows greater confidence in the predictability of the lower level indicators of attack.…”

Section: Threat Modellingmentioning

confidence: 95%

“…utilised this pyramid and believes that the low-level IOCs can only useful for a limited time period, as the attacker can vary their indicators by using alternate service providers, IP addresses, attack servers and domain names etc. [ 50 ].…”

Section: Cyber Threat Intelligencementioning

confidence: 99%

A review of threat modelling approaches for APT-style attacks

Tatam

Shanmugam

Azam

et al. 2021

Heliyon

View full text Add to dashboard Cite

“…In recent days , due to enormous available of accessing resources and evolution of innovating technologies, anyone who are interested in any type of hacking can involve themselves in exploring the TTP's used by the hacker communities can acquire their knowledge through forums, IRC, carding shops etc., [21].On day today basis, the exploits are increasing and made as commercialization [22]and become lively for hacker community. [24]Cyber-attacks affect the global economy of many billion dollar in preventing from [18] execution of malicious tools like trojans, zeus, ransomware and keyloggers, SQL injections, and DDoS from United States, Russia, and China. To prevent the cyber-attacks the vendors like FireEye, Cyveillance, Symantec, McAfee, Trend Micro, Sophos, and Kaspersky involved in the generation of Cyber Threat Intelligence (CTI) reports.…”

Section: Online Forums and Cti Reportsmentioning

confidence: 99%

Prediction of Adversary’s TTP using Caldera

2019

IJITEE

View full text Add to dashboard Cite

Due to the ubiquity of the internet in all the lines of the disciplines, cyber security becomes essential in day to day life. To make the cyber assets resilient from the challenging attacks like Advanced Persistent Threats (APT), the experts needs a strategic rules and proactive decision-making models The Caldera is a adversarial emulator for both blue and red team to test the APT along with the cyber kill chain(CKC).The resilience could be achieved when the blue team and red team work together in analyzing the cyber threats based on the probabilistic of creating adversarial profile with different characteristic helps in finding the priority of the assets of the organization from the point of an adversary in launching the cyber -attack.

show abstract

A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise

Cited by 122 publications

References 8 publications

MVFCC: A Multi-View Fuzzy Consensus Clustering Model for Malware Threat Attribution

MVFCC: A Multi-View Fuzzy Consensus Clustering Model for Malware Threat Attribution

A review of threat modelling approaches for APT-style attacks

Prediction of Adversary’s TTP using Caldera

Contact Info

Product

Resources

About