Litcius/Paper detail

Context-aware cyber-threat attribution based on hybrid features

Ehtsham Irshad, Abdul Basit Siddiqui

2024ICT Express15 citationsDOIOpen Access PDF

Abstract

With the rapid technological development, identifying the attackers behind cyber-attacks is getting more sophisticated. To cope with this phenomenon, the current process of cyber-threat attribution includes features like tactics techniques and procedures (TTP), tools, target country/ company and application. They do not include attacker context and motives; thus, they demand more refined traits. Adding behavioral features to this process is essential to better understand the attacker’s context, motivations and goals. This research study accentuates the impact of adding behavioral features with existing technical features in determining the actual actor. The behavioral features are extracted from Threat actor encyclopedia, a dataset published by Thai CERT. This research investigation also analyzes the impact of hybrid features (technical & and behavioral). For this procedure, the best features are chosen by implementing feature selection techniques. For empirical results, we use the threat actor encyclopedia, a data set published by Thai Cert, for extraction of behavioral attributes. With this augmentation, we achieve elevated results of 97%, 98.8%, 97%, and 97.2% in terms of accuracy, precision, recall and F1-measure using machine/deep learning algorithms.

Topics & Concepts

Computer scienceEncyclopediaContext (archaeology)Process (computing)AttributionArtificial intelligenceSet (abstract data type)Computer securityEmpirical researchBehavioral patternData scienceMachine learningPsychologySoftware engineeringSocial psychologyEpistemologyLibrary scienceOperating systemPaleontologyBiologyProgramming languagePhilosophyInformation and Cyber SecurityNetwork Security and Intrusion DetectionCybercrime and Law Enforcement Studies
Context-aware cyber-threat attribution based on hybrid features | Litcius