nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

Automated Attacker Behaviour Classification Using Threat Intelligence Insights

verfasst von : Pierre Crochelet, Christopher Neal, Nora Boulahia Cuppens, Frédéric Cuppens, Alexandre Proulx

Erschienen in: Foundations and Practice of Security

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

As the sophistication and occurrence of cyberattacks continues to rise, it is increasingly crucial for organizations to invest in threat intelligence. In this research, we propose a way to automate some part of the threat intelligence process by leveraging the MITRE ATT &CK knowledge base of attackers to correlate and attribute attackers to a specific threat group. We propose a proof of work algorithm that does not aim to completely replace network administrators, but would rather help them by giving guidance, to expedite the attribution process. We show how this algorithm can be used to give insights on attackers by using it on real-world data gathered from a honeypot made publicly available on the Internet, over a two months period. We demonstrate how we are able to first discover the different techniques used by the attackers. Then, we identify various modi operandi of different threat groups collected from the MITRE ATT &CK framework and leverage that information to expose the behaviour of attackers targeting our Honeypot. By correlating the attackers together, we manage to reconstruct more complex attack vectors and are finally able to find higher similarities between the observed attackers and the knowledge base.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Unmasking of Maskware: Detection and Prevention of Next-Generation Mobile Crypto-Ransomware

Nächstes Kapitel UDP State Manipulation: Description of a Packet Filtering Vulnerability in Stateful Firewalls

Bada, M., Nurse, J.R.: Profiling the cybercriminal: a systematic review of research. In: 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). pp. 1–8. IEEE (2021)

Bar, A., Shapira, B., Rokach, L., Unger, M.: Identifying attack propagation patterns in honeypots using Markov chains modeling and complex networks analysis. In: 2016 IEEE International Conference on Software Science, Technology and Engineering (SWSTE 2016), pp. 28–36 (2016)

Bianco, D.J.: Pyramid of pain (2014). http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

Caliński, T., Harabasz, J.: A dendrite method for cluster analysis. Commun. Stat. Theory Methods 3(1), 1–27 (1974)MathSciNetCrossRef

Charan, P.S., Anand, P.M., Shukla, S.K.: Dmapt: study of data mining and machine learning techniques in advanced persistent threat attribution and detection. In: Data Mining-Concepts and Applications. IntechOpen (2021)

Deshmukh, S., Rade, R., Kazi, D., et al.: Attacker behaviour profiling using stochastic ensemble of hidden Markov models. arXiv preprint arXiv:1905.11824 (2019)

Djap, R., Lim, C., Silaen, K.E., Yusuf, A.: Xb-pot: revealing honeypot-based attacker’s behaviors. In: 2021 9th International Conference on Information and Communication Technology (ICoICT), pp. 550–555. IEEE (2021)

Doynikova, E., Novikova, E., Kotenko, I.: Attacker behaviour forecasting using methods of intelligent data analysis: a comparative review and prospects. Information 11(3) (2020)

Ester, M., Kriegel, H.P., Sander, J., Xu, X.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: Proceedings of the Second International Conference on Knowledge Discovery and Data Mining. KDD’96, pp. 226–231. AAAI Press (1996)

10.

GhasemiGol, M., Ghaemi-Bafghi, A., Takabi, H.: A comprehensive approach for network attack forecasting. Comput. Secur. 58, 83–105 (2016)

11.

Goutam, R.K.: The problem of attribution in cyber security. Int. J. Comput. Appl. 131(7), 34–36 (2015)

12.

Karafili, E., Wang, L., Lupu, E.C.: An argumentation-based reasoner to assist digital investigation and attribution of cyber-attacks. Forensic Sci. Int. Digit. Invest. 32(S) (2020)

13.

Kim, K., Shin, Y., Lee, J., Lee, K.: Automatically attributing mobile threat actors by vectorized ATT &CK matrix and paired indicator. Sensors 21(19), 6522 (2021)CrossRef

14.

Kotenko, I., Chechulin, A.: A cyber attack modeling and impact assessment framework. In: 2013 5th International Conference on Cyber Conflict (CYCON 2013), pp. 1–24. IEEE (2013)

15.

Mallikarjunan, K.N., Shalinie, S.M., Preetha, G.: Real time attacker behavior pattern discovery and profiling using fuzzy rules. J. Internet Technol. 19(5), 1567–1575 (2018)

16.

Mandiant: The Majority of Business Cyber Security Decisions are Made Without Insight into the Attacker (2023). https://www.mandiant.com/company/press-releases/mandiant-security-perspectives-report

17.

MITRE ATT &CK: Putter panda. https://attack.mitre.org/groups/G0024/

18.

MITRE ATT &CK, February 2023. https://attack.mitre.org/

19.

Mokube, I., Adams, M.: Honeypots: concepts, approaches, and challenges. In: Proceedings of the 45th Annual Southeast Regional Conference, pp. 321–326 (2007)

20.

Nawrocki, M., Wählisch, M., Schmidt, T.C., Keil, C., Schönfelder, J.: A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249 (2016)

21.

Oosterhof, M.: Cowrie (2022). https://www.cowrie.org

22.

Ryandy, Lim, C., Silaen, K.E.: Xt-pot: exposing threat category of honeypot-based attacks. In: Proceedings of the 2021 International Conference on Engineering and Information Technology for Sustainable Industry, pp. 1–6 (2020)

23.

Shin, Y., Kim, K., Lee, J.J., Lee, K.: Art: automated reclassification for threat actors based on ATT &CK matrix similarity. In: 2021 World Automation Congress (WAC), pp. 15–20. IEEE (2021)

24.

Soliman, H.M., Salmon, G., Sovilj, D., Rao, M.: Rank: AI-assisted end-to-end architecture for detecting persistent attacks in enterprise networks. arXiv preprint arXiv:2101.02573 (2021)

25.

University of Cambridge: Clever Carl (2012). https://nrich.maths.org/2478

26.

Warikoo, A.: The triangle model for cyber threat attribution. J. Cyber Secur. Technol. 5(3–4), 191–208 (2021)CrossRef

Titel: Automated Attacker Behaviour Classification Using Threat Intelligence Insights
verfasst von: Pierre Crochelet
Christopher Neal
Nora Boulahia Cuppens
Frédéric Cuppens
Alexandre Proulx
Verlag: Springer Nature Switzerland
Buch: Foundations and Practice of Security
Print ISBN: 978-3-031-57536-5

Electronic ISBN: 978-3-031-57537-2

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-57537-2_18

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner