Abstract:
Rapidly growing shared threat intelligence not only helps security analysts reduce the time spent tracking attacks, but also opens up research into adversaries' thinking and decisions, which is important for further analysis of attackers' habits and preferences. In this paper, we analyze the current models and frameworks used in threat intelligence that suit different modeling goals, and propose a three-layer model (Goal, Behavior, Capability) to study the statistical characteristics of APT groups. Based on the proposed model, we construct a knowledge network composed of adversary behaviors, and introduce a similarity measure that captures the degree of similarity between groups by considering the different semantic links between them. After calculating the similarity degrees, we apply the Girvan–Newman algorithm to discover community groups; the clustering result shows that community structures and boundaries do exist when the behavior of APT groups is analyzed.
Notes: This article was mistakenly omitted from the original submission to IEEE Xplore. It is now included as part of the conference record.
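The pipeline the abstract describes (a Goal/Behavior/Capability profile per group, a similarity measure over the typed links, then Girvan–Newman community detection), as an added example that is not code from the paper. It uses constructed, hypothetical group profiles (GroupA..GroupF, not real APT groups), a weighted-Jaccard similarity with assumed layer weights standing in for the paper's own measure, an assumed edge threshold of 0.25, and a from-scratch Girvan–Newman built on unweighted Brandes edge betweenness; all of those choices are assumptions, not the paper's.

```python
from collections import deque
from itertools import combinations

# Constructed, hypothetical profiles (not real APT groups): one set of
# attributes per layer of the Goal / Behavior / Capability model.
GROUPS = {
    "GroupA": {"goal": {"espionage"},
               "behavior": {"spearphishing", "powershell", "dll-sideloading"},
               "capability": {"custom-backdoor", "c2-over-https"}},
    "GroupB": {"goal": {"espionage"},
               "behavior": {"spearphishing", "powershell", "credential-dumping"},
               "capability": {"custom-backdoor", "c2-over-https"}},
    "GroupC": {"goal": {"espionage"},
               "behavior": {"spearphishing", "dll-sideloading", "credential-dumping"},
               "capability": {"custom-backdoor", "zero-day"}},
    "GroupD": {"goal": {"financial-gain"},
               "behavior": {"spearphishing", "credential-dumping", "web-inject"},
               "capability": {"commodity-malware", "zero-day"}},
    "GroupE": {"goal": {"financial-gain"},
               "behavior": {"malvertising", "web-inject", "ransomware"},
               "capability": {"commodity-malware", "c2-over-https"}},
    "GroupF": {"goal": {"financial-gain"},
               "behavior": {"malvertising", "ransomware", "credential-dumping"},
               "capability": {"commodity-malware"}},
}

# Assumed layer weights: how much each kind of semantic link contributes.
LAYER_WEIGHTS = {"goal": 0.4, "behavior": 0.4, "capability": 0.2}


def jaccard(a, b):
    """Set overlap; 0.0 when both sets are empty."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def similarity(p, q):
    """Weighted Jaccard over the three layers (stand-in for the paper's measure)."""
    return sum(w * jaccard(p[layer], q[layer]) for layer, w in LAYER_WEIGHTS.items())


def build_similarity_graph(profiles, threshold):
    """Undirected group graph: an edge wherever similarity reaches the threshold."""
    adj = {g: set() for g in profiles}
    for g1, g2 in combinations(profiles, 2):
        if similarity(profiles[g1], profiles[g2]) >= threshold:
            adj[g1].add(g2)
            adj[g2].add(g1)
    return adj


def edge_betweenness(adj):
    """Brandes edge betweenness (unweighted); each unordered pair counted once."""
    bet = {}
    for s in adj:
        # BFS from s, recording shortest-path counts and predecessors
        order, pred = [], {v: [] for v in adj}
        sigma = {v: 0 for v in adj}
        dist = {v: -1 for v in adj}
        sigma[s], dist[s] = 1, 0
        queue = deque([s])
        while queue:
            v = queue.popleft()
            order.append(v)
            for w in adj[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    pred[w].append(v)
        # Back-propagate pair dependencies along predecessor edges
        delta = {v: 0.0 for v in adj}
        while order:
            w = order.pop()
            for v in pred[w]:
                c = sigma[v] / sigma[w] * (1.0 + delta[w])
                key = frozenset((v, w))
                bet[key] = bet.get(key, 0.0) + c
                delta[v] += c
    # Every pair (s, t) was visited from both ends, so halve the totals
    return {e: b / 2.0 for e, b in bet.items()}


def connected_components(adj):
    seen, comps = set(), []
    for s in adj:
        if s in seen:
            continue
        comp, stack = set(), [s]
        while stack:
            v = stack.pop()
            if v not in comp:
                comp.add(v)
                stack.extend(adj[v])
        seen |= comp
        comps.append(frozenset(comp))
    return comps


def girvan_newman(adj, target_communities):
    """Cut the highest-betweenness edge until the graph has enough components."""
    adj = {u: set(vs) for u, vs in adj.items()}  # work on a copy
    removed = []
    while len(connected_components(adj)) < target_communities:
        bet = edge_betweenness(adj)
        if not bet:
            break
        edge = max(bet, key=lambda e: (bet[e], sorted(e)))  # deterministic ties
        u, v = tuple(edge)
        adj[u].discard(v)
        adj[v].discard(u)
        removed.append(edge)
    return connected_components(adj), removed


if __name__ == "__main__":
    graph = build_similarity_graph(GROUPS, threshold=0.25)
    communities, cut = girvan_newman(graph, 2)
    print("cut edges:", [sorted(e) for e in cut])
    for c in communities:
        print("community:", sorted(c))
```

On this constructed input the graph is two triangles (the espionage groups and the financial groups) joined by the single GroupC–GroupD edge, which carries every cross-community shortest path and so has the highest betweenness; Girvan–Newman cuts it first and the two communities fall out. The threshold and layer weights are the levers a practitioner would tune: lowering the threshold admits more bridging edges and makes the boundary less clean, which is exactly the kind of community-boundary question the paper studies.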
Date of Conference: 27-30 July 2020
Date Added to IEEE Xplore: 11 September 2020
ISBN Information: