Formulation Of Association Rule Mining (ARM) For An Effective Cyber Attack Attribution In Cyber Threat Intelligence (CTI)
In recent year, an adversary has improved their Tactic, Technique and Procedure (TTPs) in launching cyberattack that make it less predictable, more persistent, resourceful and better funded. So many organisation has opted to use Cyber Threat Intelligence (CTI) in their security posture in attributin...
Saved in:
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
The Science And Information (SAI) Organization Limited
2021
|
Online Access: | http://eprints.utem.edu.my/id/eprint/25367/2/PAPER_18-FORMULATION_OF_ASSOCIATION_RULE_MINING.PDF http://eprints.utem.edu.my/id/eprint/25367/ https://thesai.org/Downloads/Volume12No4/Paper_18-Formulation_of_Association_Rule_Mining.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | In recent year, an adversary has improved their Tactic, Technique and Procedure (TTPs) in launching cyberattack that make it less predictable, more persistent, resourceful and better funded. So many organisation has opted to use Cyber Threat Intelligence (CTI) in their security posture in attributing cyberattack effectively. However, to fully leverage the massive amount of data in CTI for threat attribution, an organisation needs to spend their focus more on discovering the hidden knowledge behind the voluminous data to produce an effective cyberattack attribution. Hence this paper emphasized on the research of association analysis in CTI process for cyber attack attribution. The aim of this paper is to formulate
association ruleset to perform the attribution process in the CTI.
The Apriori algorithm is used to formulate association ruleset in
association analysis process and is known as the CTI Association
Ruleset (CTI-AR). Interestingness measure indicator specially support (s), confidence (c) and lift (l) are used to measure the practicality, validity and filtering the CTI-AR. The results showed that CTI-AR effectively identify the attributes, relationship between attributes and attribution level group of cyberattack in CTI. This research has a high potential of being expanded into cyber threat hunting process in providing a more proactive cybersecurity environment. |
---|