Visible to the public Deep Learning for Threat Actor Attribution from Threat Reports

TitleDeep Learning for Threat Actor Attribution from Threat Reports
Publication TypeConference Paper
Year of Publication2020
AuthorsS, Naveen, Puzis, Rami, Angappan, Kumaresan
Conference Name2020 4th International Conference on Computer, Communication and Signal Processing (ICCCSP)
Keywordsattribution, classification, composability, Data models, Deep Learning, Human Behavior, Malware, Metrics, pubcrawl, Semantics, Signal processing, Task Analysis, threat actor, threat intelligence, Training
AbstractThreat Actor Attribution is the task of identifying an attacker responsible for an attack. This often requires expert analysis and involves a lot of time. There had been attempts to detect a threat actor using machine learning techniques that use information obtained from the analysis of malware samples. These techniques will only be able to identify the attack, and it is trivial to guess the attacker because various attackers may adopt an attack method. A state-of-the-art method performs attribution of threat actors from text reports using Machine Learning and NLP techniques using Threat Intelligence reports. We use the same set of Threat Reports of Advanced Persistent Threats (APT). In this paper, we propose a Deep Learning architecture to attribute Threat actors based on threat reports obtained from various Threat Intelligence sources. Our work uses Neural Networks to perform the task of attribution and show that our method makes the attribution more accurate than other techniques and state-of-the-art methods.
Citation Keys_deep_2020