Academic Journal

Context-aware cyber-threat attribution based on hybrid features

Bibliographic Details
Title: Context-aware cyber-threat attribution based on hybrid features
Authors: Ehtsham Irshad, Abdul Basit Siddiqui
Source: ICT Express, Vol 10, Iss 3, Pp 553-569 (2024)
Publisher Information: Elsevier, 2024.
Publication Year: 2024
Collection: LCC:Information technology
Subject Terms: Cyber threat intelligence (CTI), Incident of compromise (IOC), Cyber-threat actor (CTA), Tactics techniques and procedures (TTP), Structured threat information expression (STIX), Security operation center (SOC), Information technology, T58.5-58.64
Description: With the rapid technological development, identifying the attackers behind cyber-attacks is getting more sophisticated. To cope with this phenomenon, the current process of cyber-threat attribution includes features like tactics techniques and procedures (TTP), tools, target country/ company and application. They do not include attacker context and motives; thus, they demand more refined traits. Adding behavioral features to this process is essential to better understand the attacker’s context, motivations and goals. This research study accentuates the impact of adding behavioral features with existing technical features in determining the actual actor. The behavioral features are extracted from Threat actor encyclopedia, a dataset published by Thai CERT. This research investigation also analyzes the impact of hybrid features (technical and behavioral). For this procedure, the best features are chosen by implementing feature selection techniques. For empirical results, we use the threat actor encyclopedia, a data set published by Thai Cert, for extraction of behavioral attributes. With this augmentation, we achieve elevated results of 97%, 98.8%, 97%, and 97.2% in terms of accuracy, precision, recall and F1-measure using machine/deep learning algorithms.
Document Type: article
File Description: electronic resource
Language: English
ISSN: 2405-9595
Relation: http://www.sciencedirect.com/science/article/pii/S2405959524000420; https://doaj.org/toc/2405-9595
DOI: 10.1016/j.icte.2024.04.005
Access URL: https://doaj.org/article/920c53708bc144e6a315bf82ca7398de
Accession Number: edsdoj.920c53708bc144e6a315bf82ca7398de
Database: Directory of Open Access Journals