基于关联规则挖掘的网络威胁行为者战术、技术和程序规律分析框架

2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE) Pub Date : 2018-07-01 DOI:10.1109/ICSCEE.2018.8538379

Umara Noor, Z. Anwar, Umara Noor, Z. Anwar, Zahid Rashid

{"title":"基于关联规则挖掘的网络威胁行为者战术、技术和程序规律分析框架","authors":"Umara Noor, Z. Anwar, Umara Noor, Z. Anwar, Zahid Rashid","doi":"10.1109/ICSCEE.2018.8538379","DOIUrl":null,"url":null,"abstract":"Tactics Techniques and Procedures (TTPs) in cyber domain is an important threat information that describes the behavior and attack patterns of an adversary. Timely identification of associations between TTPs can lead to effective strategy for diagnosing the Cyber Threat Actors (CTAs) and their attack vectors. This study profiles the prevalence and regularities in the TTPs of CTAs. We developed a machine learning-based framework that takes as input Cyber Threat Intelligence (CTI) documents, selects the most prevalent TTPs with high information gain as features and based on them mine interesting regularities between TTPs using Association Rule Mining (ARM). We evaluated the proposed framework with publicly available TTPbased CTI documents. The results show that there are 28 TTPs more prevalent than the other TTPs. Our system identified 155 interesting association rules among the TTPs of CTAs. A summary of these rules is given to effectively investigate threats in the network.","PeriodicalId":265737,"journal":{"name":"2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"An Association Rule Mining-Based Framework for Profiling Regularities in Tactics Techniques and Procedures of Cyber Threat Actors\",\"authors\":\"Umara Noor, Z. Anwar, Umara Noor, Z. Anwar, Zahid Rashid\",\"doi\":\"10.1109/ICSCEE.2018.8538379\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Tactics Techniques and Procedures (TTPs) in cyber domain is an important threat information that describes the behavior and attack patterns of an adversary. Timely identification of associations between TTPs can lead to effective strategy for diagnosing the Cyber Threat Actors (CTAs) and their attack vectors. This study profiles the prevalence and regularities in the TTPs of CTAs. We developed a machine learning-based framework that takes as input Cyber Threat Intelligence (CTI) documents, selects the most prevalent TTPs with high information gain as features and based on them mine interesting regularities between TTPs using Association Rule Mining (ARM). We evaluated the proposed framework with publicly available TTPbased CTI documents. The results show that there are 28 TTPs more prevalent than the other TTPs. Our system identified 155 interesting association rules among the TTPs of CTAs. A summary of these rules is given to effectively investigate threats in the network.\",\"PeriodicalId\":265737,\"journal\":{\"name\":\"2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSCEE.2018.8538379\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSCEE.2018.8538379","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

网络领域的战术、技术和程序(TTPs)是描述对手行为和攻击模式的重要威胁信息。及时识别ttp之间的关联可以为诊断网络威胁行为者(cta)及其攻击媒介提供有效的策略。本文分析了cta的ttp的普遍性和规律性。我们开发了一个基于机器学习的框架，将网络威胁情报(CTI)文档作为输入，选择具有高信息增益的最流行的ttp作为特征，并在此基础上使用关联规则挖掘(ARM)挖掘ttp之间的有趣规律。我们用公开可用的基于ttp的CTI文档评估了提议的框架。结果表明，有28种TTPs的发病率高于其他TTPs。我们的系统在cta的ttp中识别出155个有趣的关联规则。对这些规则进行了总结，以有效地调查网络中的威胁。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Association Rule Mining-Based Framework for Profiling Regularities in Tactics Techniques and Procedures of Cyber Threat Actors

Tactics Techniques and Procedures (TTPs) in cyber domain is an important threat information that describes the behavior and attack patterns of an adversary. Timely identification of associations between TTPs can lead to effective strategy for diagnosing the Cyber Threat Actors (CTAs) and their attack vectors. This study profiles the prevalence and regularities in the TTPs of CTAs. We developed a machine learning-based framework that takes as input Cyber Threat Intelligence (CTI) documents, selects the most prevalent TTPs with high information gain as features and based on them mine interesting regularities between TTPs using Association Rule Mining (ARM). We evaluated the proposed framework with publicly available TTPbased CTI documents. The results show that there are 28 TTPs more prevalent than the other TTPs. Our system identified 155 interesting association rules among the TTPs of CTAs. A summary of these rules is given to effectively investigate threats in the network.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE)

自引率

0.00%

发文量