A Modular Approach to Automatic Cyber Threat Attribution using Opinion Pools

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-reviewed

    Abstract

    Cyber threat attribution can play an important role in increasing resilience against digital threats. Recent research focuses on automating the threat attribution process and on integrating it with other efforts, such as threat hunting. To support increasing automation of the cyber threat attribution process, this paper proposes a modular architecture as an alternative to current monolithic automated approaches. The modular architecture can utilize opinion pools to combine the output of concrete attributors. The proposed solution increases the tractability of the threat attribution problem and offers increased usability and interpretability, as opposed to monolithic alternatives. In addition, a Pairing Aggregator is proposed as an aggregation method that forms pairs of attributors based on distinct features to produce intermediary results before finally producing a single Probability Mass Function (PMF) as output. The Pairing Aggregator sequentially applies both the logarithmic opinion pool and the linear opinion pool. An experimental validation suggests that the modular approach does not result in decreased performance and can even enhance precision and recall compared to monolithic alternatives. The results also suggest that the Pairing Aggregator can improve precision over the linear and logarithmic opinion pools. Furthermore, the improved k-accuracy in the experiment suggests that forensic experts can leverage the resulting PMF during their manual attribution processes to enhance their efficiency.
    Original language: English
    Title: 2023 IEEE International Conference on Big Data (Big Data)
    Editors: Jingrui He, Themis Palpanas, Xiaohua Hu, Alfredo Cuzzocrea, Dejing Dou, Dominik Slezak, Wei Wang, Aleksandra Gruca, Jerry Chun-Wei Lin, Rakesh Agrawal
    Publisher: Institute of Electrical and Electronics Engineers
    Pages: 3089-3098
    Number of pages: 10
    ISBN (electronic): 979-8-3503-2445-7
    ISBN (print): 979-8-3503-2446-4
    Status: Published - 22 Jan 2024
    Event: 2023 IEEE International Conference on Big Data - Sorrento, Italy
    Duration: 15 Dec 2023 to 18 Dec 2023
    https://bigdataieee.org/BigData2023/index.html

    Conference

    Conference: 2023 IEEE International Conference on Big Data
    Abbreviated title: IEEE BigData 2023
    Country/Region: Italy
    City: Sorrento
    Period: 15/12/23 to 18/12/23

    Bibliographical note

    Publisher Copyright:
    © 2023 IEEE.

    Funding

    This publication is part of the project CATRIN (with project number NWA.1215.18.003) and the project INTERSECT (with project number NWA.1160.18.301) of the research program Cybersecurity which are (partly) financed by the Dutch Research Council (NWO). For the purpose of Open Access, a CC-BY 4.0 public copyright license is applied to any Author Accepted Manuscript version arising from this submission.

    Funder: Nederlandse Organisatie voor Wetenschappelijk Onderzoek
    Funder number: NWA.1215.18.003, NWA.1160.18.301
