مشخصات مقاله | |
ترجمه عنوان مقاله | یک چهارچوب نسبیت تهدید سایبری فین تک مبتنی بر یادگیری ماشین با استفاده از شاخص های سطح بالای سازش |
عنوان انگلیسی مقاله | A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise |
انتشار | مقاله سال 2019 |
تعداد صفحات مقاله انگلیسی | 16 صفحه |
هزینه | دانلود مقاله انگلیسی رایگان میباشد. |
پایگاه داده | نشریه الزویر |
نوع نگارش مقاله |
مقاله پژوهشی (Research Article) |
مقاله بیس | این مقاله بیس نمیباشد |
نمایه (index) | Scopus – Master Journals List – JCR |
نوع مقاله | ISI |
فرمت مقاله انگلیسی | |
ایمپکت فاکتور(IF) |
7.007 در سال 2018 |
شاخص H_index | 93 در سال 2019 |
شاخص SJR | 0.835 در سال 2018 |
شناسه ISSN | 0167-739X |
شاخص Quartile (چارک) | Q1 در سال 2018 |
رشته های مرتبط | مهندسی کامپیوتر |
گرایش های مرتبط | امنیت اطلاعات |
نوع ارائه مقاله |
ژورنال |
مجله / کنفرانس | سیستم های کامپیوتری نسل آینده-Future Generation Computer Systems |
دانشگاه | Department of Computing, School of Electrical Engineering and Computer Science (SEECS), National University of Sciences and Technology (NUST), Islamabad, Pakistan |
کلمات کلیدی | نسبیت تهدید سایبری، نسبیت تهدید فین تک، تکنیک ها و روش های تاکتیکی، یادگیری ماشین، شبکه عصبی یادگیری عمیق، هوش تهدید سایبری |
کلمات کلیدی انگلیسی | Cyber threat attribution، FinTech threat attribution، Tactics techniques and procedures، Machine learning، Deep learning neural network، Cyber threat intelligence |
شناسه دیجیتال – doi |
https://doi.org/10.1016/j.future.2019.02.013 |
کد محصول | E12071 |
وضعیت ترجمه مقاله | ترجمه آماده این مقاله موجود نمیباشد. میتوانید از طریق دکمه پایین سفارش دهید. |
دانلود رایگان مقاله | دانلود رایگان مقاله انگلیسی |
سفارش ترجمه این مقاله | سفارش ترجمه این مقاله |
فهرست مطالب مقاله: |
Abstract 1. Introduction 2. Literature review 3. Proposed framework 4. Evaluation and findings 5. Conclusion Acknowledgments References |
بخشی از متن مقاله: |
Abstract Cyber threat attribution identifies the source of a malicious cyber activity, which in turn informs cyber security mitigation responses and strategies. Such responses and strategies are crucial for deterring future attacks, particularly in the financial and critical infrastructure sectors. However, existing approaches generally rely on manual analysis of attack indicators obtained through approaches such as trace-back, firewalls, intrusion detection and honeypot deployments. These attack indicators, also known as low-level Indicators of Compromise (IOCs), are rarely re-used and can be easily modified and disguised resulting in a deceptive and biased cyber threat attribution. Cyber attackers, particularly financially-motivated actors, can use common high-level attack patterns that evolve less frequently as compared to the low-level IOCs. To attribute cyber threats effectively, it is necessary to identify them based on the high-level adversary’s attack patterns (e.g. tactics, techniques and procedures – TTPs, software tools and malware) employed in different phases of the cyber kill chain. Identification of high-level attack patterns is time-consuming, requiring forensic investigation of the victim network(s) and other resources. In the rare case that attack patterns are reported in cyber threat intelligence (CTI) reports, the format is textual and unstructured typically taking the form of lengthy incident reports prepared for human consumption (e.g. prepared for C-level and senior management executives), which cannot be directly interpreted by machines. Thus, in this paper we propose a framework to automate cyber threat attribution. Specifically, we profile cyber threat actors (CTAs) based on their attack patterns extracted from CTI reports, using the distributional semantics technique of Natural Language Processing. Using these profiles, we train and test five machine learning classifiers on 327 CTI reports collected from publicly available incident reports that cover events from May 2012 to February 2018. It is observed that the CTA profiles obtained attribute cyber threats with a high precision (i.e. 83% as compared to other publicly available CTA profiles, where the precision is 33%). The Deep Learning Neural Network (DLNN) based classifier also attributes cyber threats with a higher accuracy (i.e. 94% as compared to other classifiers). Introduction Cyber threat attribution facilitates the identification of an attacker or his/her intermediary. This can be used in subsequent (forensic) investigation by organizations or prosecution by law enforcement and other relevant stakeholders. For example, the U.S. Congress enacted the Cybersecurity Information Sharing Act (CISA) into law in 2015 [1], which mandates organizations (including financial institutions) involved in cyber data breach incidents to share cyber threat intelligence (CTI) with other relevant stakeholders, particularly their customers [2]. The interpretation and practices of cyber attack attribution have evolved with time. In the earlier days, the focus of attribution was to locate the attacker(s) or intermediary(ies) launching distributed denial of service (DDoS) attacks and to help stop malicious traffic via IP traceback. Thus, cyber attack attribution refers to source trace-back techniques that work backwards to geographically locate the origin of IP packets via router traversal record [3,4]. Source trace-back techniques cannot truly attribute cyber attacks, partly due to the intrinsic limitation of IP address spoofing and anonymization. A resourceful attacker can, for example, compound the challenges of attribution by using reflection hosts, small Time To Live (TTL) values, employing botnets as stepping stones, and launching attacks over wider time frames. |