APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion | AIセキュリティポータル

EN

JA

EN

TOP 文献データベース APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion

arxiv

APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion

AIセキュリティポータルbot

文献データベースの情報は、自動的に収集されています。

Source

https://arxiv.org/abs/2402.12743

PDF

https://arxiv.org/pdf/2402.12743

文献情報

作者: Nan Xiao;Bo Lang;Ting Wang;Yikai Chen
公開日: 2024-2-20
所属機関: State Key Laboratory of Software Development Environment, Beihang University
所属の国: China
会議名: Computing Research Repository (CoRR)

AIにより推定されたラベル

IoC解析手法自動化された脅威帰属 GNN

※ こちらのラベルはAIによって自動的に追加されました。そのため、正確でないことがあります。
詳細は文献データベースについてをご覧ください。

Abstract

Threat actor attribution is a crucial defense strategy for combating advanced persistent threats (APTs). Cyber threat intelligence (CTI), which involves analyzing multisource heterogeneous data from APTs, plays an important role in APT actor attribution. The current attribution methods extract features from different CTI perspectives and employ machine learning models to classify CTI reports according to their threat actors. However, these methods usually extract only one kind of feature and ignore heterogeneous information, especially the attributes and relations of indicators of compromise (IOCs), which form the core of CTI. To address these problems, we propose an APT actor attribution method based on multimodal and multilevel feature fusion (APT-MMF). First, we leverage a heterogeneous attributed graph to characterize APT reports and their IOC information. Then, we extract and fuse multimodal features, including attribute type features, natural language text features and topological relationship features, to construct comprehensive node representations. Furthermore, we design multilevel heterogeneous graph attention networks to learn the deep hidden features of APT report nodes; these networks integrate IOC type-level, metapath-based neighbor node-level, and metapath semantic-level attention. Utilizing multisource threat intelligence, we construct a heterogeneous attributed graph dataset for verification purposes. The experimental results show that our method not only outperforms the existing methods but also demonstrates its good interpretability for attribution analysis tasks.

外部データセット

heterogeneous attributed graph dataset

参考文献

National Institute of Standards and Technology

Managing Information Security Risk: Organization, Mission, and Information System View

Published: 2011

Equation Group: Questions And Answers

Published: 2015

Journal of Strategic Studies

Attributing Cyber Attacks

T. Rid, B. Buchanan

Published: 2015

Journal of Cyber Security

A Hierarchical Model of Targeted Cyber Attacks Attribution

L. Chaoge, F. Binxing, L. Baoxu, C. Xiang, L. Qixu

Published: 2019

Attribution of Advanced Persistent Threats: How to Identify the Actors Behind Cyber-Espionage

Published: 2020

2022 7th IEEE International Conference on Data Science in Cyberspace (DSC)

A Review of Attribution Technical for APT Attacks

Y. Mei, W. Han, S. Li, X. Wu, K. Lin, Y. Qi

Published: 2022

Under false flag: using technical artifacts for cyber attack attribution

F. Skopik, T. Pahi

Published: 2020

Threat Connect

The diamond model of intrusion analysis

S. Caltagirone, A. Pendergast, C. Betz

Published: 2013

Computer Systems & Applications

Levels Analysis of Network Attack Traceback

C. Zhouguo, P. Shi, H. Yao, H. Chen

Published: 2014

Proceedings of the 18th European Conference on Cyber Warfare and Security (ECCWS 2019)

Cyber attribution 2.0: Capture the false flag

T. Pahi, F. Skopik

Published: 2019

Journal of Cyber Security Technology

The Triangle Model for Cyber Threat Attribution

Published: 2021

European Interdisciplinary Cybersecurity Conference, ACM

A Framework for Advanced Persistent Threat Attribution using Zachman Ontology

V.S.C. Putrevu, H. Chunduri, M.A. Putrevu, S. Shukla

Published: 2023

Cyber Warfare, Springer

Cyber attribution: An argumentation-based approach

P. Shakarian, G.I. Simari, G. Moores, S. Parsons

Published: 2015

2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)

Argumentation models for cyber attribution

E. Nunes, P. Shakarian, G.I. Simari, A. Ruef

Published: 2016

Workshops at the Thirtieth AAAI Conference on Artificial Intelligence

Toward argumentation-based cyber attribution

E. Nunes, P. Shakarian, G. Simari

Published: 2016

International Conference on Principles and Practice of Multi-Agent Systems, Springer

Helping forensic analysts to attribute cyber-attacks: an argumentation-based reasoner

E. Karafili, L. Wang, A.C. Kakas, E. Lupu

Published: 2018

Forensic Science International: Digital Investigation

An Argumentation-Based Reasoner to Assist Digital Investigation and Attribution of Cyber-Attacks

E. Karafili, L. Wang, E.C. Lupu

Published: 2020

Computers & Security

Data-driven analytics for cyber-threat intelligence and information sharing

S. Qamar, Z. Anwar, M.A. Rahman, E. Al-Shaer, B.-T. Chu

Published: 2017

2018 IEEE 18th International Conference on Communication Technology (ICCT)

Cyber Security Knowledge Graph Based Cyber Attack Attribution Framework for Space-ground Integration Information Network

Z. Zhu, R. Jiang, Y. Jia, J. Xu, A. Li

Published: 2018

IEEE Transactions on Knowledge and Data Engineering

Cskg4apt: A cybersecurity knowledge graph for advanced persistent threat organization attribution

Y. Ren, Y. Xiao, Y. Zhou, Z. Zhang, Z. Tian

Published: 2022

28th USENIX Security Symposium (USENIX Security 19), USENIX Association

ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks

Y. Shen, G. Stringhini

Published: 2019

30th USENIX Security Symposium (USENIX Security 21)

ATLAS: A sequence-based learning approach for attack investigation

A. Alsaheel, Y. Nan, S. Ma, L. Yu, G. Walkup, Z.B. Celik, X. Zhang, D. Xu

Published: 2021

IEEE Transactions on Dependable and Secure Computing

Apt-kgl: An intelligent apt detection system based on threat knowledge and heterogeneous provenance graph learning

T. Chen, C. Dong, M. Lv, Q. Song, H. Liu, T. Zhu, K. Xu, L. Chen, S. Ji, Y. Fan

Published: 2022

Computers & Security

Attack scenario reconstruction via fusing heterogeneous threat intelligence

X. Zang, J. Gong, X. Zhang, G. Li

Published: 2023

IEEE Transactions on Dependable and Secure Computing

Attack Hypotheses Generation Based on Threat Intelligence Knowledge Graph

F.K. Kaiser, U. Dardik, A. Elitzur, P. Zilberman, N. Daniel, M. Wiens, F. Schultmann, Y. Elovici, R. Puzis

Published: 2023

2023 IEEE Conference on Dependable and Secure Computing (DSC)

APTer: Towards the Investigation of APT Attribution

V. Sachidananda, R. Patil, A. Sachdeva, K.Y. Lam, L. Yang

Published: 2023

2016 IEEE Trustcom/BigDataSE/ISPA

How to Automatically Identify the Homology of Different Malware

Y. Qiao, X. Yun, Y. Zhang

Published: 2016

Security and Communication Networks

Attribution Classification Method of APT Malware in IoT Using Machine Learning Techniques

S. Li, Q. Zhang, X. Wu, W. Han, Z. Tian

Published: 2021

IEEE Transactions on Network and Service Management

A hybrid intelligent approach to attribute Advanced Persistent Threat Organization using PSO-MSVM Algorithm

Y. Mei, W. Han, S. Li, K. Lin

Published: 2022

Artificial Neural Networks and Machine Learning, Springer International Publishing

DeepAPT: Nation-State APT Attribution Using End-to-End Deep Neural Networks

I. Rosenberg, G. Sicard, E. David

Published: 2017

2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)

Explainable APT Attribution for Malware Using NLP Techniques

Q. Wang, H. Yan, Z. Han

Published: 2021

Cyber Security Cryptography and Machine Learning, Springer International Publishing

Malware Triage Based on Static Features and Public APT Reports

G. Laurenza, L. Aniello, R. Lazzeretti, R. Baldoni

Published: 2017

2019 26th International Conference on Telecommunications (ICT)

Functions-based CFG Embedding for Malware Homology Analysis

J. Liu, Y. Shen, H. Yan

Published: 2019

Detection of Intrusions and Malware, and Vulnerability Assessment, Springer International Publishing

SCRUTINIZER: Detecting Code Reuse in Malware via Decompilation and Machine Learning

O. Mirzaei, R. Vasilenko, E. Kirda, L. Lu, A. Kharraz

Published: 2021

Future Generation Computer Systems

A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise

U. Noor, Z. Anwar, T. Amjad, K.K.R. Choo

Published: 2019

2021 World Automation Congress (WAC)

ART: Automated Reclassification for Threat Actors based on ATT&CK Matrix Similarity

Y. Shin, K. Kim, J.J. Lee, K. Lee

Published: 2021

Camp2Vec: Embedding cyber campaign with ATT&CK framework for attack group analysis

I. Lee, C. Choi

Published: 2023

Egyptian Informatics Journal

Cyber threat attribution using unstructured reports in cyber threat intelligence

E. Irshad, A. Basit Siddiqui

Published: 2022

2019 IEEE International Conference on Intelligence and Security Informatics (ISI)

NO-DOUBT: Attack Attribution Based On Threat Intelligence Reports

L. Perry, B. Shapira, R. Puzis

Published: 2019

2020 4th International Conference on Computer, Communication and Signal Processing (ICCCSP)

Deep Learning for Threat Actor Attribution from Threat Reports

N. S, R. Puzis, K. Angappan

Published: 2020

Journal of Software

Method of Cyber Attack Attribution Based on Graph Model

K.Z. Huang, Y.F. Lian, D.G. Feng, H.X. Zhang, D. Wu, X.L. Ma

Published: 2022

Computers and Electrical Engineering

Advanced Persistent Threat intelligent profiling technique: A survey

B. Tang, J. Wang, Z. Yu, B. Chen, W. Ge, J. Yu, T. Lu

Published: 2022

Computers & Security

A framework for threat intelligence extraction and fusion

Y. Guo, Z. Liu, C. Huang, N. Wang, H. Min, W. Guo, J. Liu

Published: 2023

IEEE Communications Surveys & Tutorials

Cyber Threat Intelligence Mining for Proactive Cybersecurity Defense: A Survey and New Perspectives

N. Sun, M. Ding, J. Jiang, W. Xu, X. Mo, Y. Tai, J. Zhang

Published: 2023

Computers & Security

A survey on cybersecurity knowledge graph construction

X. Zhao, R. Jiang, Y. Han, A. Li, Z. Peng

Published: 2023

Proceedings of NAACL-HLT

Bert: Pre-training of deep bidirectional transformers for language understanding

Jacob Devlin, Ming-Wei Chang, Kenton Lee, Kristina Toutanova

Published: 2019

ACM SIGKDD Conference on Knowledge Discovery and Data Mining

node2vec: Scalable feature learning for networks

A. Grover, J. Leskovec

Published: 2016

The World Wide Web Conference, ACM

Heterogeneous Graph Attention Network

X. Wang, H. Ji, C. Shi, B. Wang, Y. Ye, P. Cui, P.S. Yu

Published: 2019

2017 European Intelligence and Security Informatics Conference (EISIC), IEEE

Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence

V. Mavroeidis, S. Bromander

Published: 2017

Published: 2021

MITRE, Tech. Rep.

Mitre att&ck: Design and philosophy

B. Strom, A. Applebaum, D. Miller, K. Nickels, A. Pennington, C. Thomas

Published: 2020

Common Vulnerabilities and Exposures

Published: 2023

Annual Computer Security Applications Conference, Association for Computing Machinery

AVclass2: Massive Malware Tag Extraction from AV Labels

S. Sebastián, J. Caballero

Published: 2020

Published: 2023

ACM SIGKDD Conference on Knowledge Discovery and Data Mining

DeepWalk: Online learning of social representations

B. Perozzi, R. Al-Rfou, S. Skiena

Published: 2014

Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

Metapath2vec: Scalable representation learning for heterogeneous networks

Y. Dong, N.V. Chawla, A. Swami

Published: 2017

ICLR

Semi-supervised classification with graph convolutional networks

Thomas N Kipf, Max Welling

Published: 2017

6th International Conference on Learning Representations

Graph Attention Networks

P. Veličković, G. Cucurull, A. Casanova, A. Romero, P. Liò, Y. Bengio

Published: 2017

Proceedings of the Web Conference 2021, ACM

Heterogeneous Graph Neural Network via Attribute Completion

D. Jin, C. Huo, C. Liang, L. Yang

Published: 2021

IEEE Transactions on Knowledge and Data Engineering

Hincti: A cyber threat intelligence modeling and identification system based on heterogeneous information network

Y. Gao, L.I. Xiaoyong, P. Hao, B. Fang, P. Yu

Published: 2020