Collaborative Federated Learning-Based Model for Alert Correlation and Attack Scenario Recognition

Alkhpor, Hadeel K.; Alserhani, Faeiz M.

doi:10.3390/electronics12214509

Cited by 1 publication

(1 citation statement)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Existing research [7][8][9][10][11][12] mainly focuses on APT attack profiling, detection, and attribution. These studies typically discover and trace attack behaviors by analyzing the characteristics of specific APT groups.…”

Section: Introductionmentioning

confidence: 99%

Advanced Persistent Threat Group Correlation Analysis via Attack Behavior Patterns and Rough Sets

Li,

Liu,

Zhang

2024

Electronics

View full text Add to dashboard Cite

In recent years, advanced persistent threat (APT) attacks have become a significant network security threat due to their concealment and persistence. Correlation analysis of APT groups is vital for understanding the global network security landscape and accurately attributing threats. Current studies on threat attribution rely on experts or advanced technology to identify evidence linking attack incidents to known APT groups. However, there is a lack of research focused on automatically discovering potential correlations between APT groups. This paper proposes a method using attack behavior patterns and rough set theory to quantify APT group relevance. It extracts two types of features from threat intelligence: APT attack objects and behavior features. To address the issues of inconsistency and limitations in threat intelligence, this method uses rough set theory to model APT group behavior and designs a link prediction method to infer correlations among APT groups. Experimental results on publicly available APT analysis reports show a correlation precision of 90.90%. The similarity coefficient accurately reflects the correlation strength, validating the method’s efficacy and accuracy.

show abstract