چهارچوب نسبیت تهدید سایبری فین تک مبتنی بر یادگیری ماشین
ترجمه نشده

چهارچوب نسبیت تهدید سایبری فین تک مبتنی بر یادگیری ماشین

عنوان فارسی مقاله: یک چهارچوب نسبیت تهدید سایبری فین تک مبتنی بر یادگیری ماشین با استفاده از شاخص های سطح بالای سازش
عنوان انگلیسی مقاله: A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise
مجله/کنفرانس: سیستم های کامپیوتری نسل آینده-Future Generation Computer Systems
رشته های تحصیلی مرتبط: مهندسی کامپیوتر
گرایش های تحصیلی مرتبط: امنیت اطلاعات
کلمات کلیدی فارسی: نسبیت تهدید سایبری، نسبیت تهدید فین تک، تکنیک ها و روش های تاکتیکی، یادگیری ماشین، شبکه عصبی یادگیری عمیق، هوش تهدید سایبری
کلمات کلیدی انگلیسی: Cyber threat attribution، FinTech threat attribution، Tactics techniques and procedures، Machine learning، Deep learning neural network، Cyber threat intelligence
نوع نگارش مقاله: مقاله پژوهشی (Research Article)
نمایه: Scopus – Master Journals List – JCR
شناسه دیجیتال (DOI): https://doi.org/10.1016/j.future.2019.02.013
دانشگاه: Department of Computing, School of Electrical Engineering and Computer Science (SEECS), National University of Sciences and Technology (NUST), Islamabad, Pakistan
ناشر: الزویر - Elsevier
نوع ارائه مقاله: ژورنال
نوع مقاله: ISI
سال انتشار مقاله: 2019
ایمپکت فاکتور: 7.007 در سال 2018
شاخص H_index: 93 در سال 2019
شاخص SJR: 0.835 در سال 2018
شناسه ISSN: 0167-739X
شاخص Quartile (چارک): Q1 در سال 2018
فرمت مقاله انگلیسی: PDF
تعداد صفحات مقاله انگلیسی: 16
وضعیت ترجمه: ترجمه نشده است
قیمت مقاله انگلیسی: رایگان
آیا این مقاله بیس است: خیر
کد محصول: E12071
فهرست انگلیسی مطالب

Abstract


1. Introduction


2. Literature review


3. Proposed framework


4. Evaluation and findings


5. Conclusion


Acknowledgments


References

نمونه متن انگلیسی مقاله

Abstract


Cyber threat attribution identifies the source of a malicious cyber activity, which in turn informs cyber security mitigation responses and strategies. Such responses and strategies are crucial for deterring future attacks, particularly in the financial and critical infrastructure sectors. However, existing approaches generally rely on manual analysis of attack indicators obtained through approaches such as trace-back, firewalls, intrusion detection and honeypot deployments. These attack indicators, also known as low-level Indicators of Compromise (IOCs), are rarely re-used and can be easily modified and disguised resulting in a deceptive and biased cyber threat attribution. Cyber attackers, particularly financially-motivated actors, can use common high-level attack patterns that evolve less frequently as compared to the low-level IOCs. To attribute cyber threats effectively, it is necessary to identify them based on the high-level adversary’s attack patterns (e.g. tactics, techniques and procedures – TTPs, software tools and malware) employed in different phases of the cyber kill chain. Identification of high-level attack patterns is time-consuming, requiring forensic investigation of the victim network(s) and other resources. In the rare case that attack patterns are reported in cyber threat intelligence (CTI) reports, the format is textual and unstructured typically taking the form of lengthy incident reports prepared for human consumption (e.g. prepared for C-level and senior management executives), which cannot be directly interpreted by machines. Thus, in this paper we propose a framework to automate cyber threat attribution. Specifically, we profile cyber threat actors (CTAs) based on their attack patterns extracted from CTI reports, using the distributional semantics technique of Natural Language Processing. Using these profiles, we train and test five machine learning classifiers on 327 CTI reports collected from publicly available incident reports that cover events from May 2012 to February 2018. It is observed that the CTA profiles obtained attribute cyber threats with a high precision (i.e. 83% as compared to other publicly available CTA profiles, where the precision is 33%). The Deep Learning Neural Network (DLNN) based classifier also attributes cyber threats with a higher accuracy (i.e. 94% as compared to other classifiers).


Introduction


Cyber threat attribution facilitates the identification of an attacker or his/her intermediary. This can be used in subsequent (forensic) investigation by organizations or prosecution by law enforcement and other relevant stakeholders. For example, the U.S. Congress enacted the Cybersecurity Information Sharing Act (CISA) into law in 2015 [1], which mandates organizations (including financial institutions) involved in cyber data breach incidents to share cyber threat intelligence (CTI) with other relevant stakeholders, particularly their customers [2]. The interpretation and practices of cyber attack attribution have evolved with time. In the earlier days, the focus of attribution was to locate the attacker(s) or intermediary(ies) launching distributed denial of service (DDoS) attacks and to help stop malicious traffic via IP traceback. Thus, cyber attack attribution refers to source trace-back techniques that work backwards to geographically locate the origin of IP packets via router traversal record [3,4]. Source trace-back techniques cannot truly attribute cyber attacks, partly due to the intrinsic limitation of IP address spoofing and anonymization. A resourceful attacker can, for example, compound the challenges of attribution by using reflection hosts, small Time To Live (TTL) values, employing botnets as stepping stones, and launching attacks over wider time frames.

  • اشتراک گذاری در

دیدگاه خود را بنویسید:

تاکنون دیدگاهی برای این نوشته ارسال نشده است

چهارچوب نسبیت تهدید سایبری فین تک مبتنی بر یادگیری ماشین
نوشته های مرتبط
مقالات جدید
لوگوی رسانه های برخط

logo-samandehi

پیوندها