Extending Threat Playbooks for Cyber Threat Intelligence: A Novel Approach for APT Attribution

Authors

Edie, Kelsie
Mckee, Cole
Duby, Adam

Issue Date

2023

Type

proceedings-article

Keywords

Measurement, Statistical analysis, Digital forensics, Data models, Cyber Threats, Security, Reliability

Abstract

As cyber attacks grow in complexity and frequency, cyber threat intelligence (CTI) remains a priority objective for defenders. A critical component of CTI at the strategic level of defensive operations is attack attribution. Attributing an attack to a threat group informs defenders about the adversaries actively engaging them and advances their ability to respond. In this paper, we propose a data analytic approach to threat attribution using adversary playbooks of tactics, techniques, and procedures (TTPs). Specifically, our approach uses association rule mining on a large real-world CTI dataset to extend known threat TTP playbooks with statistically probable TTPs the adversary may deploy. The benefits are twofold. First, we offer a dataset of learned TTP associations and extended threat playbooks. Second, we show that we can attribute attacks using a weighted Jaccard similarity with 96% accuracy.
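The pipeline the abstract describes, as an added illustration on a small constructed dataset (this is not code or data from the paper): mine pairwise association rules between TTPs, extend incomplete known playbooks with inferred TTPs, then attribute an observed intrusion by weighted Jaccard similarity. The group names, technique IDs, support/confidence thresholds, and the choice to weight inferred TTPs by rule confidence are assumptions made for the example.

```python
from collections import Counter
from itertools import combinations

# Constructed sample: (attributed group, ATT&CK-style technique IDs seen in one intrusion); illustrative, not the paper's data.
INTRUSIONS = [
    ("GroupA", {"T1566", "T1059", "T1071", "T1041"}),
    ("GroupA", {"T1566", "T1059", "T1071", "T1027"}),
    ("GroupA", {"T1566", "T1059", "T1041"}),
    ("GroupB", {"T1190", "T1505", "T1003", "T1021"}),
    ("GroupB", {"T1190", "T1505", "T1021"}),
    ("GroupB", {"T1190", "T1003", "T1021", "T1071"}),
]
# Known (documented) playbooks, deliberately incomplete so the extension step has work to do.
KNOWN = {"GroupA": {"T1566", "T1059"}, "GroupB": {"T1190", "T1021"}}

def mine_rules(intrusions, min_support=0.3, min_confidence=0.6):
    """Pairwise association rules (a, b) -> confidence P(b | a), filtered by support and confidence."""
    n = len(intrusions)
    singles, pairs = Counter(), Counter()
    for _, ttps in intrusions:
        singles.update(ttps)
        pairs.update(frozenset(p) for p in combinations(ttps, 2))
    rules = {}
    for pair, count in pairs.items():
        for a, b in (tuple(pair), tuple(pair)[::-1]):
            if count / n >= min_support and count / singles[a] >= min_confidence:
                rules[(a, b)] = count / singles[a]  # confidence of a -> b
    return rules

def extend_playbook(playbook, rules):
    """Documented TTPs weigh 1.0; inferred TTPs take the confidence of the strongest supporting rule (assumed weighting)."""
    weighted = {t: 1.0 for t in playbook}
    for (a, b), conf in rules.items():
        if a in playbook and b not in playbook:
            weighted[b] = max(weighted.get(b, 0.0), conf)
    return weighted

def weighted_jaccard(observed, playbook):
    """Sum of per-TTP minimum weights over sum of maximum weights; observed TTPs weigh 1.0."""
    obs = {t: 1.0 for t in observed}
    keys = obs.keys() | playbook.keys()
    num = sum(min(obs.get(k, 0.0), playbook.get(k, 0.0)) for k in keys)
    den = sum(max(obs.get(k, 0.0), playbook.get(k, 0.0)) for k in keys)
    return num / den if den else 0.0

def attribute(observed, playbooks):
    """Return (best-matching group, {group: similarity}) for a set of observed TTPs."""
    scores = {g: weighted_jaccard(observed, pb) for g, pb in playbooks.items()}
    return max(scores, key=scores.get), scores
```

An intrusion that lacks GroupA's documented initial-access technique but shows the inferred follow-on TTPs scores 0.25 against the known playbook and 7/12 against the extended one, which is the effect the extension step is meant to produce.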

Citation

K. Edie, C. Mckee and A. Duby, "Extending Threat Playbooks for Cyber Threat Intelligence: A Novel Approach for APT Attribution," 2023 11th International Symposium on Digital Forensics and Security (ISDFS), Chattanooga, TN, USA, 2023, pp. 1-6, doi: 10.1109/ISDFS58141.2023.10131867.

Publisher

IEEE
