Saihua Cai, Gang Wang, Jinfu Chen, Shengran Wang, Kun Wang
DOI: 10.1016/j.comnet.2025.111511
Journal: Computer Networks, volume 270, Article 111511 (JCR Q1, Computer Science, Hardware & Architecture)
Publication date: 2025-07-11
Publication type: Journal Article
Open access: no
Citation count: 0
URL: https://www.sciencedirect.com/science/article/pii/S1389128625004785
APT-ATT: An efficient APT attribution model based on heterogeneous threat intelligence representation and CTGAN
With the rapid development of computer networks, network security issues have become increasingly severe. Because they are highly organized, covert and persistent, advanced persistent threats (APTs) have become a major security challenge. Accurately attributing APT attacks is crucial to countering this threat effectively: attribution not only identifies the source of a threat quickly, but also provides critical support for developing targeted defense strategies and reducing potential losses. However, existing APT attribution models still have significant shortcomings: low efficiency in embedding heterogeneous threat intelligence, class imbalance and insufficient model stability. This paper proposes a novel lightweight APT attribution model called APT-ATT that improves the accuracy and stability of APT attribution by combining a heterogeneous threat intelligence representation with a conditional tabular generative adversarial network (CTGAN). Firstly, to meet the embedding requirements of long, heterogeneous threat intelligence, a feature representation method combining N-grams and TF-IDF is designed to quickly extract local semantic features, with chi-square statistics used for feature selection. Secondly, CTGAN is introduced to generate realistic synthetic feature vectors, alleviating the class imbalance problem. Finally, an ensemble learning framework is built on a stacking strategy, with KNN, RF and XGBoost as the base learners and an optimized logistic regression as the meta learner, to further improve attribution performance and model stability. Experiments on two cyber threat intelligence datasets show that the proposed APT-ATT method achieves an accuracy of 94.91%, along with excellent real-time performance and stronger stability.
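The abstract's first stage (word N-gram TF-IDF representation of threat-intelligence text, then chi-square feature selection against the actor label) can be reproduced in plain Python. The block below is an added example and is not the authors' code: it builds uni- and bi-gram TF-IDF vectors over a handful of constructed, hypothetical report snippets labelled with made-up actor names, scores every n-gram with the chi-square statistic of its presence versus the class label, keeps the top-k n-grams, and attributes an unseen report with a cosine k-NN base learner (the KNN member of the paper's stacking ensemble). The CTGAN oversampling stage and the RF/XGBoost/logistic-regression stacking are not reproduced here. Function names, the snippet corpus and the `k_features`/`k_neighbors` defaults are this example's own choices.

```python
"""N-gram TF-IDF representation + chi-square feature selection for APT
attribution, followed by a cosine k-NN base learner.

Added example in pure Python (no third-party packages). The report
snippets and actor labels below are constructed and hypothetical."""
import math
import re
from collections import Counter, defaultdict

# Constructed, hypothetical threat-intelligence snippets labelled by actor.
REPORTS = [
    ("actor_alpha", "spear phishing email with macro enabled document drops a powershell loader"),
    ("actor_alpha", "powershell loader beacons to c2 over https after the macro document lure"),
    ("actor_alpha", "macro enabled document delivered by spear phishing, loader written in powershell"),
    ("actor_beta", "watering hole compromise delivers a browser exploit and dll sideloading"),
    ("actor_beta", "dll sideloading through a signed binary after a watering hole compromise"),
    ("actor_beta", "browser exploit served from a watering hole site, payload uses dll sideloading"),
    ("actor_gamma", "supply chain compromise of a software update ships a signed installer backdoor"),
    ("actor_gamma", "backdoored installer pushed through the software update supply chain"),
    ("actor_gamma", "supply chain attack trojanizes the update installer with a backdoor"),
]


def ngrams(text, n_max=2):
    """Word uni- and bi-grams; bigrams keep local phrase context such as
    'watering hole' or 'dll sideloading' that single tokens lose."""
    toks = re.findall(r"[a-z0-9]+", text.lower())
    grams = []
    for n in range(1, n_max + 1):
        grams += [" ".join(toks[i:i + n]) for i in range(len(toks) - n + 1)]
    return grams


def tfidf_vectors(docs, n_max=2):
    """Return (idf table, list of sparse tf-idf dicts) for the corpus."""
    gram_lists = [ngrams(d, n_max) for d in docs]
    df = Counter(g for gl in gram_lists for g in set(gl))
    n = len(docs)
    idf = {g: math.log((1 + n) / (1 + c)) + 1.0 for g, c in df.items()}  # smoothed idf
    vecs = []
    for gl in gram_lists:
        tf = Counter(gl)
        vecs.append({g: (c / len(gl)) * idf[g] for g, c in tf.items()})
    return idf, vecs


def chi2_scores(vecs, labels):
    """Chi-square statistic of each n-gram's presence against the class
    label: sum over classes of (observed - expected)^2 / expected, where
    observed = documents of that class containing the n-gram."""
    n = len(vecs)
    class_count = Counter(labels)
    present_by_class = defaultdict(Counter)  # gram -> class -> doc count
    for v, y in zip(vecs, labels):
        for g in v:
            present_by_class[g][y] += 1
    scores = {}
    for g, per_class in present_by_class.items():
        total = sum(per_class.values())
        chi2 = 0.0
        for c, cnt in class_count.items():
            expected = total * cnt / n
            chi2 += (per_class.get(c, 0) - expected) ** 2 / expected
        scores[g] = chi2
    return scores


def select_features(scores, k):
    """Top-k n-grams by chi-square; ties broken by name for determinism."""
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return {g for g, _ in ranked[:k]}


def project(vec, keep):
    return {g: w for g, w in vec.items() if g in keep}


def cosine(a, b):
    dot = sum(w * b.get(g, 0.0) for g, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def knn_attribute(query, train_vecs, labels, k=3):
    """Majority vote among the k most similar training reports. A query
    that shares no selected n-gram with the training set is reported as
    'unattributed' rather than assigned to an arbitrary tied neighbour."""
    if not query:
        return "unattributed"
    sims = sorted(((cosine(query, v), y) for v, y in zip(train_vecs, labels)), reverse=True)
    return Counter(y for _, y in sims[:k]).most_common(1)[0][0]


def build_and_attribute(new_report, k_features=40, k_neighbors=3):
    """Fit representation + selection on REPORTS, then attribute new_report.
    Returns (predicted actor, set of selected n-grams)."""
    labels = [y for y, _ in REPORTS]
    idf, vecs = tfidf_vectors([t for _, t in REPORTS])
    keep = select_features(chi2_scores(vecs, labels), k_features)
    train = [project(v, keep) for v in vecs]
    # The unseen report is weighted with the training idf; n-grams never
    # seen in training carry no weight.
    grams = ngrams(new_report)
    tf = Counter(grams)
    q = {g: (c / len(grams)) * idf[g] for g, c in tf.items() if g in idf}
    return knn_attribute(project(q, keep), train, labels, k_neighbors), keep


if __name__ == "__main__":
    actor, kept = build_and_attribute("phishing email carrying a macro document that launches powershell")
    print(actor, sorted(kept)[:10])
```

Two caveats apply when this is scaled up to real CTI corpora. Chi-square on presence counts favours n-grams that are exclusive to one actor, so a single sample that quotes another vendor's report can inject that vendor's phrasing as a spurious "signature" and should be stripped before vectorisation. And any synthetic oversampling (CTGAN or otherwise) must be fitted on the training split only, after the train/test split; generating synthetic rows before splitting leaks minority-class structure into the test set and inflates the reported accuracy.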
Journal description:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.