Context-aware cyber-threat attribution based on hybrid features

Author: Ehtsham Irshad, Abdul Basit Siddiqui
Language: English
Year of publication: 2024
Subject:
Source: ICT Express, Vol 10, Iss 3, Pp 553-569 (2024)
Document type: article
ISSN: 2405-9595
DOI: 10.1016/j.icte.2024.04.005
Description: As cyber-attacks grow more sophisticated, identifying the attackers behind them is becoming harder. The current cyber-threat attribution process relies on features such as tactics, techniques and procedures (TTPs), tools, and the target country, company and application. These features do not capture the attacker's context and motives, so more refined traits are needed. Adding behavioral features to the process is essential for understanding the attacker's context, motivations and goals. This study examines the effect of combining behavioral features with the existing technical features when determining the actual threat actor. The behavioral features are extracted from the Threat Actor Encyclopedia, a dataset published by Thai CERT, which is also the dataset used for the empirical results. The study analyzes the impact of hybrid features (technical and behavioral), with the best features chosen by feature selection techniques. With this augmentation, machine learning and deep learning algorithms reach 97%, 98.8%, 97%, and 97.2% in terms of accuracy, precision, recall and F1-measure, respectively.
Database: Directory of Open Access Journals
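The attribution pipeline the description outlines (technical features plus a behavioral feature, feature selection, a classifier scored by accuracy, precision, recall and F1) as an added, self-contained Python example. This is not the authors' code and does not use the Thai CERT data: the incident records and actor names (ActorX, ActorY, ActorZ) are constructed toy data, feature selection by mutual information and a Laplace-smoothed categorical naive Bayes classifier are assumptions chosen for illustration, since the description does not name the methods the paper uses. The example compares a technical-only feature set against the hybrid set on the same held-out records.

```python
"""Toy cyber-threat attribution: technical-only vs. hybrid (technical + behavioral) features."""
import math
from collections import Counter, defaultdict

# Constructed toy records with hypothetical actors (not the Thai CERT Threat Actor Encyclopedia).
# Technical features: ttp, tool, target.  Behavioral feature: motive.
TRAIN = [
    ({"ttp": "spearphishing", "tool": "mimikatz", "target": "KR", "motive": "espionage"}, "ActorX"),
    ({"ttp": "spearphishing", "tool": "mimikatz", "target": "US", "motive": "espionage"}, "ActorX"),
    ({"ttp": "watering-hole", "tool": "mimikatz", "target": "KR", "motive": "espionage"}, "ActorX"),
    ({"ttp": "spearphishing", "tool": "mimikatz", "target": "US", "motive": "financial"}, "ActorY"),
    ({"ttp": "spearphishing", "tool": "cobaltstrike", "target": "US", "motive": "financial"}, "ActorY"),
    ({"ttp": "spearphishing", "tool": "mimikatz", "target": "KR", "motive": "financial"}, "ActorY"),
    ({"ttp": "watering-hole", "tool": "custom-rat", "target": "US", "motive": "disruption"}, "ActorZ"),
    ({"ttp": "spearphishing", "tool": "custom-rat", "target": "US", "motive": "disruption"}, "ActorZ"),
]
TEST = [  # held-out constructed incidents with their true (hypothetical) actor
    ({"ttp": "spearphishing", "tool": "mimikatz", "target": "US", "motive": "financial"}, "ActorY"),
    ({"ttp": "watering-hole", "tool": "mimikatz", "target": "KR", "motive": "espionage"}, "ActorX"),
    ({"ttp": "spearphishing", "tool": "custom-rat", "target": "KR", "motive": "disruption"}, "ActorZ"),
    ({"ttp": "spearphishing", "tool": "mimikatz", "target": "KR", "motive": "espionage"}, "ActorX"),
]
TECHNICAL = ["ttp", "tool", "target"]
HYBRID = TECHNICAL + ["motive"]


def entropy(counts):
    """Shannon entropy (bits) of a multiset given as a list of counts."""
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def mutual_information(records, feature):
    """I(feature; actor) = H(actor) - H(actor | feature); higher means more useful for attribution."""
    labels = Counter(label for _, label in records)
    by_value = defaultdict(Counter)
    for rec, label in records:
        by_value[rec[feature]][label] += 1
    n = len(records)
    h_cond = sum(sum(c.values()) / n * entropy(c.values()) for c in by_value.values())
    return entropy(labels.values()) - h_cond


def rank_features(records, features):
    """Feature selection step: order features by mutual information with the actor label."""
    return sorted(features, key=lambda f: mutual_information(records, f), reverse=True)


class CategoricalNB:
    """Naive Bayes over categorical features with Laplace (add-alpha) smoothing."""

    def __init__(self, features, alpha=1.0):
        self.features, self.alpha = features, alpha

    def fit(self, records):
        self.n = len(records)
        self.class_counts = Counter(label for _, label in records)
        self.vocab = {f: {rec[f] for rec, _ in records} for f in self.features}
        self.value_counts = defaultdict(Counter)  # (actor, feature) -> Counter(value)
        for rec, label in records:
            for f in self.features:
                self.value_counts[(label, f)][rec[f]] += 1
        return self

    def predict(self, rec):
        best_label, best_score = None, -math.inf
        for label in sorted(self.class_counts):  # deterministic tie-breaking
            score = math.log(self.class_counts[label] / self.n)  # log prior
            for f in self.features:
                num = self.value_counts[(label, f)][rec[f]] + self.alpha
                den = self.class_counts[label] + self.alpha * len(self.vocab[f])
                score += math.log(num / den)  # smoothed log likelihood
            if score > best_score:
                best_label, best_score = label, score
        return best_label


def macro_scores(y_true, y_pred):
    """Accuracy plus macro-averaged precision, recall and F1 (a class never predicted scores 0)."""
    labels = sorted(set(y_true) | set(y_pred))
    prec, rec, f1 = [], [], []
    for lab in labels:
        tp = sum(t == lab and p == lab for t, p in zip(y_true, y_pred))
        fp = sum(t != lab and p == lab for t, p in zip(y_true, y_pred))
        fn = sum(t == lab and p != lab for t, p in zip(y_true, y_pred))
        p = tp / (tp + fp) if tp + fp else 0.0
        r = tp / (tp + fn) if tp + fn else 0.0
        prec.append(p)
        rec.append(r)
        f1.append(2 * p * r / (p + r) if p + r else 0.0)
    acc = sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)
    k = len(labels)
    return {"accuracy": round(acc, 4), "precision": round(sum(prec) / k, 4),
            "recall": round(sum(rec) / k, 4), "f1": round(sum(f1) / k, 4)}


def evaluate(features):
    """Train on TRAIN with the given feature set and score the held-out TEST records."""
    model = CategoricalNB(features).fit(TRAIN)
    y_true = [label for _, label in TEST]
    y_pred = [model.predict(rec) for rec, _ in TEST]
    return macro_scores(y_true, y_pred)


if __name__ == "__main__":
    print("feature ranking:", rank_features(TRAIN, HYBRID))
    print("technical only :", evaluate(TECHNICAL))
    print("hybrid         :", evaluate(HYBRID))
```

On this toy data the behavioral feature ranks first by mutual information, and the technical-only model misattributes the third held-out incident (its target country and the class prior outweigh the actor-specific tool), which the hybrid model corrects. The numbers are an artifact of the constructed records and say nothing about the paper's reported results; the point is the shape of the comparison, which is how a practitioner would check whether a new feature family actually helps attribution before trusting it.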