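@comment{
  Reviewer notes on this entry: field values are brace-delimited, author and
  editor names use the unambiguous Last, First form, and the acronyms in
  title, booktitle and series are brace-protected so sentence-casing styles
  keep them. The citation key, abstract, note and all bibliographic values
  are unchanged. The address field holds a country as exported rather than
  the publisher city -- confirm before relying on it for a location-aware style.
}
@inproceedings{97534c42ca6348af9ecad94a5b0b7c33,
  title     = {{NO-DOUBT}: Attack Attribution Based on Threat Intelligence Reports},
  abstract  = {The task of attack attribution, i.e., identifying the entity responsible for an attack, is complicated and usually requires the involvement of an experienced security expert. Prior attempts to automate attack attribution apply various machine learning techniques on features extracted from the malware's code and behavior in order to identify other similar malware whose authors are known. However, the same malware can be reused by multiple actors, and the actor who performed an attack using a malware might differ from the malware's author. Moreover, information collected during an incident may contain many clues about the identity of the attacker in addition to the malware used. In this paper, we propose a method of attack attribution based on textual analysis of threat intelligence reports, using state of the art algorithms and models from the fields of machine learning and natural language processing (NLP). We have developed a new text representation algorithm which captures the context of the words and requires minimal feature engineering. Our approach relies on vector space representation of incident reports derived from a small collection of labeled reports and a large corpus of general security literature. Both datasets have been made available to the research community. Experimental results show that the proposed representation can attribute attacks more accurately than the baselines' representations. In addition, we show how the proposed approach can be used to identify novel previously unseen threat actors and identify similarities between known threat actors.},
  keywords  = {Classification, Security analytics, Text, Threat intelligence},
  author    = {Perry, Lior and Shapira, Bracha and Puzis, Rami},
  editor    = {Zheng, Xiaolong and Abbasi, Ahmed and Chau, Michael and Wang, Alan and Zhou, Lina},
  booktitle = {2019 {IEEE} International Conference on Intelligence and Security Informatics, {ISI} 2019},
  series    = {2019 {IEEE} International Conference on Intelligence and Security Informatics, {ISI} 2019},
  publisher = {Institute of Electrical and Electronics Engineers},
  address   = {United States},
  pages     = {80--85},
  year      = {2019},
  month     = jul,
  day       = {1},
  doi       = {10.1109/ISI.2019.8823152},
  language  = {English},
  note      = {Publisher Copyright: {\textcopyright} 2019 IEEE.; 17th IEEE International Conference on Intelligence and Security Informatics, ISI 2019 ; Conference date: 01-07-2019 Through 03-07-2019},
}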