TY - GEN
T1 - ART
T2 - 2021 World Automation Congress, WAC 2021
AU - Shin, Youngsup
AU - Kim, Kyoungmin
AU - Lee, Jemin Justin
AU - Lee, Kyungho
N1 - Funding Information:
This research was funded by Agency for Defense Development grant number UD190016ED.
Publisher Copyright:
© 2021 TSI Enterprises.
PY - 2021/8/1
Y1 - 2021/8/1
N2 - Given the perniciousness of the threats posed by state-sponsored advanced persistent threats (APTs), attributing attacks to the responsible cyber threat actors (CTAs) is of paramount importance for deterring APT cyber-attacks. As state-sponsored APT groups have been especially active in the past decade, recent studies have attempted to establish attribution from the limited information available about these groups. Government agencies and SOC vendors have used Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) to collect intelligence on adversaries, with limited success at attribution. Recently, MITRE's ATT&CK® framework has been widely adopted for collecting and documenting the TTPs of the various CTAs. This paper presents Automated Reclassification for Threat Actors (ART), which quantitatively compares the TTPs of different APT groups. ART crawls cyber threat reports and retrieves the ATT&CK matrix of each APT group, then vectorizes each matrix and computes the cosine similarity between groups. By re-examining the various aliases of the CTAs through the ATT&CK framework, we believe ART can help classify APT groups that have been established inconsistently.
KW - Automation
KW - Cyber Attribution
KW - Cyber Threat Intelligence
KW - Cybersecurity
UR - http://www.scopus.com/inward/record.url?scp=85117170386&partnerID=8YFLogxK
U2 - 10.23919/WAC50355.2021.9559514
DO - 10.23919/WAC50355.2021.9559514
M3 - Conference contribution
AN - SCOPUS:85117170386
T3 - World Automation Congress Proceedings
SP - 15
EP - 20
BT - 2021 World Automation Congress, WAC 2021
PB - IEEE Computer Society
Y2 - 1 August 2021 through 5 August 2021
ER -
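The abstract above describes a three-step pipeline (retrieve technique IDs from reports, vectorize each group's ATT&CK matrix, compare groups by cosine similarity). The following Python block is an added illustration of that pipeline and is not the authors' ART code. The report snippets, group names and their technique sets are constructed for the example and are not real attribution data; the technique IDs themselves are real ATT&CK IDs. One design choice the abstract does not spell out is handled explicitly here: sub-technique IDs (T1059.001) are collapsed to their parent (T1059) before vectorization, otherwise two reports describing the same behaviour at different granularity would never overlap.

```python
import re
from math import sqrt
from itertools import combinations

# Constructed sample data (not real attribution): each "report" stands in for the
# threat-report text a crawler would retrieve. Group names and technique sets are
# invented for the example; only the ATT&CK technique IDs are real.
SAMPLE_REPORTS = {
    "Group-A":  "Initial access via spearphishing (T1566.001); PowerShell (T1059.001) loaders; "
                "C2 over HTTPS (T1071.001); packed payloads (T1027); credential dumping (T1003.001).",
    "Alias-A1": "Spearphishing attachment T1566.001, T1059.001 PowerShell stagers, T1071.001 C2, "
                "T1027 obfuscation, tools fetched with T1105.",
    "Group-B":  "Exploit public-facing application (T1190), web shell (T1505.003), "
                "lateral movement over SMB (T1021.002), ransomware deployment (T1486).",
    "Group-C":  "Phishing link T1566.002 leading to user execution T1204.002 and a T1059.003 batch dropper.",
}

# Matches a technique ID, with or without a three-digit sub-technique suffix.
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")


def extract_techniques(text, collapse_subtechniques=True):
    """Pull ATT&CK technique IDs out of report text.

    Sub-techniques are collapsed to their parent by default so that reports written
    at different granularity still land on the same vector component.
    """
    ids = set(TECHNIQUE_RE.findall(text))
    if collapse_subtechniques:
        ids = {i.split(".")[0] for i in ids}
    return ids


def build_matrix(reports):
    """Group name -> set of technique IDs (the per-group ATT&CK matrix)."""
    return {group: extract_techniques(text) for group, text in reports.items()}


def vectorize(techniques, universe):
    """Binary presence vector over the ordered universe of technique IDs."""
    return [1 if t in techniques else 0 for t in universe]


def cosine(u, v):
    """Cosine similarity; a group with no observed techniques is a zero vector,
    which is defined as similarity 0 rather than a division by zero."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = sqrt(sum(a * a for a in u))
    nv = sqrt(sum(b * b for b in v))
    return 0.0 if nu == 0 or nv == 0 else dot / (nu * nv)


def similarity_matrix(matrix):
    """Pairwise cosine similarity between every pair of groups."""
    universe = sorted(set().union(*matrix.values()))
    vectors = {g: vectorize(t, universe) for g, t in matrix.items()}
    sim = {g: {} for g in matrix}
    for a, b in combinations(matrix, 2):
        s = cosine(vectors[a], vectors[b])
        sim[a][b] = sim[b][a] = s
    return sim


def rank_candidates(sim, group, threshold):
    """Other groups whose TTP profile is at least `threshold` similar, best first:
    the alias/duplicate candidates an analyst should review by hand."""
    scored = [(other, s) for other, s in sim[group].items() if s >= threshold]
    return sorted(scored, key=lambda pair: -pair[1])


if __name__ == "__main__":
    matrix = build_matrix(SAMPLE_REPORTS)
    sim = similarity_matrix(matrix)
    for g in matrix:
        print(g, [(o, round(s, 3)) for o, s in rank_candidates(sim, g, 0.5)])
```

With the constructed data, Group-A and Alias-A1 share four of five techniques and score 0.8, while Group-A and Group-C share only the phishing and scripting techniques and score about 0.52; Group-B overlaps with nobody. The threshold is a tuning knob, not a verdict: a high score flags a pair for analyst review, and a binary presence vector cannot distinguish a group that uses a technique once from one that uses it in every campaign.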