Automatically attributing mobile threat actors by vectorized ATT&CK matrix and paired indicator

Kyoungmin Kim, Youngsup Shin, Justin Lee, Kyungho Lee

    Research output: Contribution to journal › Article › peer-review

    25 Citations (Scopus)

    Abstract

    During the past decade, mobile attacks have been established as an indispensable attack vector adopted by Advanced Persistent Threat (APT) groups. The ubiquitous nature of the smartphone has allowed users to use mobile payments and store private or sensitive data (i.e., login credentials). Consequently, various APT groups have focused on exploiting these vulnerabilities. Past studies have proposed automated classification and detection methods, while few studies have covered cyber attribution. Our study introduces an automated system that focuses on cyber attribution. Adopting MITRE’s ATT&CK for mobile, we performed our study using the tactics, techniques, and procedures (TTPs). By comparing the indicators of compromise (IoCs), we were able to help reduce the false flags during our experiment. Moreover, we examined 12 threat actors and 120 malware using the automated method for detecting cyber attribution.

    Original language: English
    Article number: 6522
    Journal: Sensors
    Volume: 21
    Issue number: 19
    Publication status: Published - 2021 Oct 1

    Bibliographical note

    Funding Information:
    Funding: This research was funded by Agency for Defense Development grant number UD190016ED.

    Publisher Copyright:
    © 2021 by the authors. Licensee MDPI, Basel, Switzerland.

    Keywords

    • Cyber security
    • Mobile security
    • Threat intelligence

    ASJC Scopus subject areas

    • Analytical Chemistry
    • Information Systems
    • Biochemistry
    • Atomic and Molecular Physics, and Optics
    • Instrumentation
    • Electrical and Electronic Engineering
