
Extending Threat Playbooks for Cyber Threat Intelligence: A Novel Approach for APT Attribution


Abstract:

As cyber attacks grow in complexity and frequency, cyber threat intelligence (CTI) remains a priority objective for defenders. A critical component of CTI at the strategic level of defensive operations is attack attribution. Attributing an attack to a threat group informs defenders about the adversaries that are actively engaging them and advances their ability to respond. In this paper, we propose a data analytic approach towards threat attribution using adversary playbooks of tactics, techniques, and procedures (TTPs). Specifically, our approach uses association rule mining on a large real-world CTI dataset to extend known threat TTP playbooks with statistically probable TTPs the adversary may deploy. The benefits are twofold. First, we offer a dataset of learned TTP associations and extended threat playbooks. Second, we show that we can attribute attacks using a weighted Jaccard similarity with 96% accuracy.
Date of Conference: 11-12 May 2023
Date Added to IEEE Xplore: 26 May 2023
Conference Location: Chattanooga, TN, USA