IPAttributor: Cyber Attacker Attribution with Threat Intelligence-Enriched Intrusion Data

Xiang, Xiayu; Liu, Hao; Zeng, Liyi; Zhang, Huan; Gu, Zhaoquan

doi:10.3390/math12091364

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Other1

Article1

Relationship

Self Cite0

Independent2

Authors

Journals

Cited by 2 publications

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Predicting Cyber-Attacks and Identifying Perpetrators Using Machine Learning Techniques

G. A,

et al. 2024

2024 Third International Conference on Smart Technologies and Systems for Next Generation Computing (ICSTSN)

View full text Add to dashboard Cite

Predicting Cyber-Attacks and Identifying Perpetrators Using Machine Learning Techniques

G. A,

et al. 2024

2024 Third International Conference on Smart Technologies and Systems for Next Generation Computing (ICSTSN)

View full text Add to dashboard Cite

Cyber Threat Intelligence meets the Analytic Tradecraft

Bjurling,

Raza

2024

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

The volumes and sophistication of cyber threats in today’s cyber threat landscape have risen to levels where automated quantitative tools for Cyber Threat Intelligence (CTI) have become an indispensable part in the cyber defense arsenals. The AI and cyber security research communities are producing novel automated tools for CTI that quickly find their ways into commercial products. However, the quality of such automated intelligence products is being questioned by the intelligence community. Cyber security operators are forced to complement the automated tools with costly and time-consuming human intelligence analysis in order to improve the quality of the end product. For improving the quality, it has been suggested that researchers should incorporate methods from traditional intelligence analysis into the quantitative algorithms. This article presents a novel approach to cyber intelligence analysis called AMBARGO, which takes the inherent ambiguity of evidence into account in the analysis, using the Choquet integral, in formalizing the re-evaluation of evidence and hypotheses made by human analysts. The development of AMBARGO revolves around a cyber attribution use case, one of the hardest problems in CTI. The results of our evaluating experiments show that the robustness of AMBARGO outperforms state-of-the-art quantitative approaches to CTI in the presence of ambiguous evidence and potentially deceptive threat actor tactics. AMBARGO has thus the potential to fill a gap in the CTI state-of-the-art, which currently handles ambiguity poorly. The findings are also confirmed in a large-scale realistic experimental setting based on data from an APT campaign obtained from the MITRE ATT&CK Framework.

show abstract

IPAttributor: Cyber Attacker Attribution with Threat Intelligence-Enriched Intrusion Data

Cited by 2 publications

References 23 publications

Predicting Cyber-Attacks and Identifying Perpetrators Using Machine Learning Techniques

Predicting Cyber-Attacks and Identifying Perpetrators Using Machine Learning Techniques

Cyber Threat Intelligence meets the Analytic Tradecraft

Contact Info

Product

Resources

About