ART: Automated reclassification for threat actors based on ATT&CK matrix similarity

Youngsup Shin, Kyoungmin Kim, Jemin Justin Lee, Kyungho Lee

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

    11 Citations (Scopus)

    Abstract

    Given the perniciousness of the threats posed by state-sponsored advanced persistent threats (APTs), attributing attacks to the responsible cyber threat actors (CTAs) is of paramount importance for deterring cyber-attacks by APTs. As state-sponsored APT groups have been especially active in the past decade, recent studies have attempted to establish attribution from the limited information available about these groups. Various government agencies and SOC vendors have used Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) to collect intelligence on adversaries, to no avail. Recently, MITRE's ATT&CK® framework has been widely adopted for collecting and documenting the TTPs of the various CTAs. This paper presents Automated Reclassification for Threat Actors (ART), which quantitatively compares the TTPs of different APT groups. ART crawls cyber threat reports and retrieves the ATT&CK matrix of each APT group. It then vectorizes the ATT&CK matrix and calculates the cosine similarity between groups. By re-examining the various aliases of the CTAs through the ATT&CK framework, we believe that ART can help classify the indiscriminately established APT groups.
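    The abstract describes a three-step pipeline: extract ATT&CK technique IDs from threat reports, turn each group's technique set into a vector, and compare groups by cosine similarity. The following is an added illustration of that pipeline and is not the authors' ART code. The report snippets and the group-to-technique mappings are constructed for the example (the technique IDs are real ATT&CK identifiers, but the groups "Actor-1" through "Actor-3" and their alleged techniques are invented, not attribution data); the `0.8` alias threshold is likewise an assumed value, not one taken from the paper.

```python
import re
from math import sqrt
from itertools import combinations

# Constructed threat-report excerpts, one per (fictional) group name as it
# appears in vendor reporting. Sub-technique IDs such as T1566.001 are folded
# into their parent technique so that two reports using different
# granularities still land on the same vector component.
REPORTS = {
    "Actor-1": "Initial access via spearphishing (T1566.001); PowerShell (T1059.001) "
               "drops obfuscated payloads (T1027), pulls tools (T1105), beacons over "
               "HTTPS (T1071.001) and dumps LSASS (T1003.001).",
    "Actor-1-alias": "Phishing T1566 -> T1059 scripts, T1027 packing, T1105 tool "
                     "transfer, T1071 C2, persistence via scheduled task T1053.005.",
    "Actor-2": "Scheduled task T1053, run keys T1547.001, host recon T1082 and "
               "T1083, credential theft T1003.",
    "Actor-3": "Only phishing (T1566) and basic system discovery (T1082) observed.",
}

TECH_ID = re.compile(r"\bT(\d{4})(?:\.\d{3})?\b")


def extract_technique_ids(text):
    """Return the set of parent ATT&CK technique IDs mentioned in a report."""
    return {f"T{m.group(1)}" for m in TECH_ID.finditer(text)}


def build_vocabulary(group_techniques):
    """Sorted union of all technique IDs; this fixes the vector dimensions."""
    return sorted(set().union(*group_techniques.values()))


def vectorize(techniques, vocab):
    """Binary presence vector over the vocabulary (one dimension per technique)."""
    return [1 if t in techniques else 0 for t in vocab]


def cosine_similarity(a, b):
    """cos(theta) = a.b / (|a||b|); for binary vectors this equals
    |A intersect B| / sqrt(|A| * |B|). Returns 0.0 when either vector is empty."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = sqrt(sum(x * x for x in a))
    norm_b = sqrt(sum(y * y for y in b))
    if norm_a == 0 or norm_b == 0:
        return 0.0
    return dot / (norm_a * norm_b)


def similarity_matrix(group_techniques):
    """Pairwise cosine similarity between every pair of groups."""
    vocab = build_vocabulary(group_techniques)
    vectors = {g: vectorize(t, vocab) for g, t in group_techniques.items()}
    return {
        (g1, g2): cosine_similarity(vectors[g1], vectors[g2])
        for g1, g2 in combinations(group_techniques, 2)
    }


def candidate_aliases(group_techniques, threshold=0.8):
    """Pairs whose technique profiles are similar enough to be reviewed as
    possible aliases of one actor, most similar first. The threshold is an
    assumed value for this example."""
    scored = similarity_matrix(group_techniques)
    hits = [(g1, g2, round(s, 4)) for (g1, g2), s in scored.items() if s >= threshold]
    return sorted(hits, key=lambda x: -x[2])


def run_pipeline(reports=REPORTS, threshold=0.8):
    """Report text -> technique sets -> alias candidates."""
    group_techniques = {g: extract_technique_ids(txt) for g, txt in reports.items()}
    return candidate_aliases(group_techniques, threshold)


if __name__ == "__main__":
    techniques = {g: extract_technique_ids(t) for g, t in REPORTS.items()}
    for pair, score in similarity_matrix(techniques).items():
        print(f"{pair[0]:>14} vs {pair[1]:<14} cos = {score:.4f}")
    print("alias candidates:", run_pipeline())
```

    A high score here means two reported groups share most of their documented techniques, which is a reason to review whether the names are aliases of one actor; it is not attribution by itself, since techniques such as phishing or scheduled tasks are common to many actors and a report's coverage depends on what the reporting vendor happened to observe. Weighting rare techniques more heavily (for instance, inverse document frequency over the report corpus) is a natural refinement of the binary vectors used above.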

    Original language: English
    Title of host publication: 2021 World Automation Congress, WAC 2021
    Publisher: IEEE Computer Society
    Pages: 15-20
    Number of pages: 6
    ISBN (Electronic): 9781685241117
    DOIs
    Publication status: Published - 2021 Aug 1
    Event: 2021 World Automation Congress, WAC 2021 - Virtual, Taipei, Taiwan, Province of China
    Duration: 2021 Aug 1 – 2021 Aug 5

    Publication series

    Name: World Automation Congress Proceedings
    Volume: 2021-August
    ISSN (Print): 2154-4824
    ISSN (Electronic): 2154-4832

    Conference

    Conference: 2021 World Automation Congress, WAC 2021
    Country/Territory: Taiwan, Province of China
    City: Virtual, Taipei
    Period: 21/8/1 – 21/8/5

    Bibliographical note

    Funding Information:
    This research was funded by Agency for Defense Development grant number UD190016ED.

    Publisher Copyright:
    © 2021 TSI Enterprises.

    Keywords

    • Automation
    • Cyber Attribution
    • Cyber Threat Intelligence
    • Cybersecurity

    ASJC Scopus subject areas

    • Control and Systems Engineering
