ART: Automated reclassification for threat actors based on ATT&CK matrix similarity

Youngsup Shin, Kyoungmin Kim, Jemin Justin Lee, Kyungho Lee

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

Given the perniciousness of the threats posed by state-sponsored advanced persistent threats (APTs), attributing attacks to the responsible cyber threat actors (CTAs) is of paramount importance for deterring cyber-attacks by APTs. As state-sponsored APT groups have been especially active in the past decade, recent studies have attempted to establish attribution from the limited information available about these groups. Various government agencies and SOC vendors have used Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) to collect intelligence on adversaries, to no avail. Recently, MITRE's ATT&CK® framework has been widely adopted for collecting and documenting the TTPs of the various CTAs. This paper presents Automated Reclassification for Threat Actors (ART), which quantitatively compares the TTPs of different APT groups. ART crawls cyber threat reports and retrieves the ATT&CK matrix of each APT group. It then vectorizes the ATT&CK matrix and calculates the cosine similarity between groups. By reexamining the various aliases of the CTAs through the ATT&CK framework, we believe that ART can help classify the indiscriminately established APT groups.
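The vectorize-then-compare step the abstract describes, as an added illustration that is not the paper's code or data: each group's ATT&CK technique set becomes a binary vector over the union of technique IDs, and pairs whose cosine similarity crosses a threshold are flagged as candidates for alias review. The group-to-technique mappings and the threshold are constructed assumptions.

```python
import math
from itertools import combinations

# Constructed sample: ATT&CK technique IDs attributed to each reported group name.
# Alias-A and Alias-B are meant to look like two aliases of one actor.
GROUP_TECHNIQUES = {
    "Alias-A": {"T1566", "T1059", "T1003", "T1071", "T1027"},
    "Alias-B": {"T1566", "T1059", "T1003", "T1071", "T1105"},
    "Group-C": {"T1190", "T1505", "T1136", "T1078"},
}


def build_vocab(groups):
    """Sorted union of all technique IDs: the axes of the vector space."""
    return sorted(set().union(*groups.values()))


def vectorize(techniques, vocab):
    """Binary vector over the vocabulary: 1 if the group uses the technique."""
    return [1 if t in techniques else 0 for t in vocab]


def cosine(u, v):
    """Cosine similarity; 0.0 when either vector is all zeros (no mapped TTPs)."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    if nu == 0 or nv == 0:
        return 0.0
    return dot / (nu * nv)


def similarity_matrix(groups):
    """Pairwise cosine similarity keyed by (group_a, group_b), names sorted."""
    vocab = build_vocab(groups)
    vecs = {g: vectorize(t, vocab) for g, t in groups.items()}
    return {(a, b): cosine(vecs[a], vecs[b])
            for a, b in combinations(sorted(groups), 2)}


def candidate_merges(groups, threshold=0.7):
    """Pairs at or above the (assumed) threshold, most similar first."""
    sims = similarity_matrix(groups)
    hits = [(a, b, round(s, 3)) for (a, b), s in sims.items() if s >= threshold]
    return sorted(hits, key=lambda x: -x[2])


if __name__ == "__main__":
    for a, b, s in candidate_merges(GROUP_TECHNIQUES):
        print(f"{a} ~ {b}: cosine {s}")
```

Alias-A and Alias-B share four of five techniques, giving cosine 0.8, while Group-C overlaps with neither and scores 0.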

Original language: English
Title of host publication: 2021 World Automation Congress, WAC 2021
Publisher: IEEE Computer Society
Pages: 15-20
Number of pages: 6
ISBN (Electronic): 9781685241117
DOIs
Publication status: Published - 2021 Aug 1
Event: 2021 World Automation Congress, WAC 2021 - Virtual, Taipei, Taiwan, Province of China
Duration: 2021 Aug 1 to 2021 Aug 5

Publication series

Name: World Automation Congress Proceedings
Volume: 2021-August
ISSN (Print): 2154-4824
ISSN (Electronic): 2154-4832

Conference

Conference: 2021 World Automation Congress, WAC 2021
Country/Territory: Taiwan, Province of China
City: Virtual, Taipei
Period: 21/8/1 to 21/8/5

Keywords

  • Automation
  • Cyber Attribution
  • Cyber Threat Intelligence
  • Cybersecurity

ASJC Scopus subject areas

  • Control and Systems Engineering
