Deep Learning for Threat Actor Attribution from Threat Reports

S. Naveen, Rami Puzis, Kumaresan Angappan

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

9 Scopus citations

Abstract

Threat Actor Attribution is the task of identifying an attacker responsible for an attack. This often requires expert analysis and involves a lot of time. There had been attempts to detect a threat actor using machine learning techniques that use information obtained from the analysis of malware samples. These techniques will only be able to identify the attack, and it is trivial to guess the attacker because various attackers may adopt an attack method. A state-of-the-art method performs attribution of threat actors from text reports using Machine Learning and NLP techniques using Threat Intelligence reports. We use the same set of Threat Reports of Advanced Persistent Threats (APT). In this paper, we propose a Deep Learning architecture to attribute Threat actors based on threat reports obtained from various Threat Intelligence sources. Our work uses Neural Networks to perform the task of attribution and show that our method makes the attribution more accurate than other techniques and state-of-the-art methods.

Original languageEnglish
Title of host publication4th International Conference on Computer, Communication and Signal Processing, ICCCSP 2020
PublisherInstitute of Electrical and Electronics Engineers
ISBN (Electronic)9781728165097
DOIs
StatePublished - 28 Sep 2020
Event4th International Conference on Computer, Communication and Signal Processing, ICCCSP 2020 - Chennai, India
Duration: 28 Sep 202029 Sep 2020

Publication series

Name4th International Conference on Computer, Communication and Signal Processing, ICCCSP 2020

Conference

Conference4th International Conference on Computer, Communication and Signal Processing, ICCCSP 2020
Country/TerritoryIndia
CityChennai
Period28/09/2029/09/20

Keywords

  • attribution
  • classification
  • deep learning
  • threat actor
  • threat intelligence

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Signal Processing
  • Information Systems and Management
  • Media Technology

Fingerprint

Dive into the research topics of 'Deep Learning for Threat Actor Attribution from Threat Reports'. Together they form a unique fingerprint.

Cite this