Litcius/Paper detail

Explainable APT Attribution for Malware Using NLP Techniques

Qinqin Wang, Hanbing Yan, Zhihui Han

20212021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)23 citationsDOI

Abstract

APT attribution for malware refers to the process of identifying characteristics that are related to the APT group of an anonymous malware. This paper presents a novel approach for APT attribution. Our approach innovatively combines code features and string features for APT attribution, using paragraph vectors and bag-of-words vectors to represent function semantics and behavior reports, respectively. We apply the model interpretation to APT attribution for the first time, using Random Forest Classifier (RFC) and Local Interpretable Model-agnostic Explanations (LIME) to interpret the model results. We evaluate the method on a data set collected from threat intelligence reports. The results show that our method has advantages in feature selection, method application, and accuracy. Importantly, this article provides a detailed description and examples about the process of model interpretation. Model interpretation improves the trust of cyber security personnel in the model, and facilitates the analysis of network attacks and threat intelligence.

Topics & Concepts

Computer scienceMalwareArtificial intelligenceNatural language processingMachine learningInterpretation (philosophy)AttributionParagraphAuthorship attributionClassifier (UML)Data miningProcess (computing)Computer securityWorld Wide WebProgramming languageSocial psychologyPsychologyAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionAnomaly Detection Techniques and Applications
Explainable APT Attribution for Malware Using NLP Techniques | Litcius