Threat Actor Type Inference and Characterization within Cyber Threat Intelligence
by Vasileios Mavroeidis, Ryan Hohimer, Tim Casey, Audun Jøsang (2021)
Abstract
As the cyber threat landscape becomes increasingly complex and polymorphic,
understanding the adversary and its modus operandi becomes ever more critical
for anticipatory threat reduction. Even though the cyber security community has
developed a certain maturity in describing and sharing technical indicators for
informing defense components, we still struggle with non-uniform, unstructured,
and ambiguous higher-level information, such as threat actor context, which
limits our ability to correlate different sources to derive more contextual,
accurate, and relevant intelligence. We see the need to overcome this
limitation in order to increase our ability to produce and better
operationalize cyber threat intelligence. Our research demonstrates how
commonly agreed-upon controlled vocabularies for characterizing threat actors
and their operations can be used to enrich cyber threat intelligence and infer
new information at a higher contextual level that is explicable and queryable.
In particular, we present an ontological approach to automatically inferring
the types of threat actors based on their personas, understanding their nature,
and capturing polymorphism and changes in their behavior and characteristics
over time. Such an approach not only enables interoperability by providing a
structured way and means for sharing highly contextual cyber threat
intelligence, but also derives new information at machine speed and minimizes
the cognitive biases that manual classification approaches entail.
Archived: arXiv 2103.02301v4 (PDF, 2.0 MB), available via arxiv.org and web.archive.org