Formulation Of Association Rule Mining (ARM) For An Effective Cyber Attack Attribution In Cyber Threat Intelligence (CTI)

In recent years, adversaries have improved their Tactics, Techniques and Procedures (TTPs) for launching cyberattacks, making them less predictable, more persistent, resourceful and better funded. So, many organisations have opted to use Cyber Threat Intelligence (CTI) in their security posture in attributin...

Bibliographic Details
Main Authors: Abu, Md Sahrom, Ariffin, Aswami, Yusof, Robiah, Selamat, Siti Rahayu
Format: Article
Language: en
Published: The Science And Information (SAI) Organization Limited 2021
Online Access: http://eprints.utem.edu.my/id/eprint/25367/2/PAPER_18-FORMULATION_OF_ASSOCIATION_RULE_MINING.PDF
http://eprints.utem.edu.my/id/eprint/25367/
https://thesai.org/Downloads/Volume12No4/Paper_18-Formulation_of_Association_Rule_Mining.pdf
building UTEM Library
collection Institutional Repository
content_provider Universiti Teknikal Malaysia Melaka
content_source UTEM Institutional Repository
continent Asia
country Malaysia
description In recent years, adversaries have improved their Tactics, Techniques and Procedures (TTPs) for launching cyberattacks, making them less predictable, more persistent, resourceful and better funded. So, many organisations have opted to use Cyber Threat Intelligence (CTI) in their security posture to attribute cyberattacks effectively. However, to fully leverage the massive amount of data in CTI for threat attribution, an organisation needs to focus more on discovering the hidden knowledge behind the voluminous data to produce an effective cyberattack attribution. Hence, this paper emphasizes research on association analysis in the CTI process for cyberattack attribution. The aim of this paper is to formulate an association ruleset to perform the attribution process in CTI. The Apriori algorithm is used to formulate the association ruleset in the association analysis process, and the result is known as the CTI Association Ruleset (CTI-AR). Interestingness measure indicators, specifically support (s), confidence (c) and lift (l), are used to measure the practicality and validity of the CTI-AR and to filter it. The results showed that CTI-AR effectively identifies the attributes, the relationships between attributes and the attribution level group of cyberattacks in CTI. This research has a high potential of being expanded into the cyber threat hunting process to provide a more proactive cybersecurity environment.
format Article
id my.utem.eprints-25367
institution Universiti Teknikal Malaysia Melaka
language en
publishDate 2021
publisher The Science And Information (SAI) Organization Limited
record_format eprints
spelling my.utem.eprints-25367 2021-12-20T13:00:05Z http://eprints.utem.edu.my/id/eprint/25367/ The Science And Information (SAI) Organization Limited 2021-04 Article PeerReviewed text en Abu, Md Sahrom and Ariffin, Aswami and Yusof, Robiah and Selamat, Siti Rahayu (2021) Formulation Of Association Rule Mining (ARM) For An Effective Cyber Attack Attribution In Cyber Threat Intelligence (CTI). International Journal Of Advanced Computer Science And Applications (IJACSA), 12 (4). pp. 134-143. ISSN 2158-107X. DOI: 10.14569/IJACSA.2021.0120418
url_provider http://eprints.utem.edu.my/