ICT Express (Jun 2024)

Context-aware cyber-threat attribution based on hybrid features

  • Ehtsham Irshad,
  • Abdul Basit Siddiqui

Journal volume & issue
Vol. 10, no. 3
pp. 553 – 569

Abstract

With rapid technological development, identifying the attackers behind cyber-attacks is getting more sophisticated. To cope with this phenomenon, the current process of cyber-threat attribution includes features like tactics, techniques and procedures (TTP), tools, target country/company and application. They do not include attacker context and motives; thus, they demand more refined traits. Adding behavioral features to this process is essential to better understand the attacker’s context, motivations and goals. This research study accentuates the impact of adding behavioral features to existing technical features in determining the actual actor. The behavioral features are extracted from the Threat actor encyclopedia, a dataset published by Thai CERT. This research investigation also analyzes the impact of hybrid features (technical and behavioral). For this procedure, the best features are chosen by implementing feature selection techniques. For empirical results, we use the Threat actor encyclopedia, a dataset published by Thai CERT, for extraction of behavioral attributes. With this augmentation, we achieve elevated results of 97%, 98.8%, 97%, and 97.2% in terms of accuracy, precision, recall and F1-measure using machine/deep learning algorithms.

Keywords