IPAttributor: Cyber Attacker Attribution with Threat Intelligence-Enriched Intrusion Data.
- Source :
- Mathematics (2227-7390). May 2024, Vol. 12 Issue 9, p1364. 19p.
- Publication Year :
- 2024
Abstract
- In the dynamic landscape of cyberspace, organizations face a myriad of coordinated advanced threats that challenge the traditional defense paradigm. Cyber Threat Intelligence (CTI) plays a crucial role, providing in-depth insights into adversary groups and enhancing the detection and neutralization of complex cyber attacks. However, attributing attacks poses significant challenges due to over-reliance on malware samples or network detection data alone, which falls short of comprehensively profiling attackers. This paper proposes an IPv4-based threat attribution model, IPAttributor, that improves attack characterization by merging a real-world network behavior dataset comprising 39,707 intrusion entries with commercial threat intelligence from three distinct sources, offering a more nuanced context. A total of 30 features were utilized from the enriched dataset for each IP to create a feature matrix to assess the similarities and linkage of associated IPs, and a dynamic weighted threat segmentation algorithm was employed to discern attacker communities. The experiments affirm the efficacy of our method in pinpointing attackers sharing a common origin, achieving the highest accuracy of 88.89%. Our study advances the relatively underexplored line of work of cyber attacker attribution, with a specific interest in IP-based attribution strategies, thereby enhancing the overall understanding of the attacker's group regarding their capabilities and intentions. [ABSTRACT FROM AUTHOR]
Details
- Language :
- English
- ISSN :
- 22277390
- Volume :
- 12
- Issue :
- 9
- Database :
- Academic Search Index
- Journal :
- Mathematics (2227-7390)
- Publication Type :
- Academic Journal
- Accession number :
- 177182141
- Full Text :
- https://doi.org/10.3390/math12091364