Master's and Doctoral Theses: Detailed Record 110522031
Author: 陳政劭 (Zheng-Shao Chen)   Department: Computer Science and Information Engineering
Thesis title: 基於網絡威脅情報利用加權相似度計算對APT組織進行聚類
(Weighted Similarity Measurement for Clustering APT Groups through Cyber Threat Intelligence)
Related theses
★ Reliable Multicast Transmission with Multiple Tree Structures
★ Design and Development of Cross-Platform Widgets on Embedded Mobile Devices
★ Implementing a Lightweight GUI Library for Handheld Multimedia Players on ARM-Based Embedded Systems
★ A Scalable QoS-Aware GStreamer Module Designed for Networked Mobile Devices
★ Developing a Scalable, Cross-Platform GSM/HSDPA Engine for Mobile Network Devices
★ Efficient Multi-Format Decoding Management on Single-Chip Multimedia Devices
★ IMS Client Design and Instant Messaging Module Development: Implementing the Personal Information Exchange and Instant Messaging Modules
★ Implementing a User-Friendly Embedded Small-Screen Web Browser on Portable Multimedia Devices
★ Implementing an IMS-Based Real-Time Voice and Video Call Engine Using Open-Source Libraries
★ Embedded E-Book Development: Customized Download Service Implementation and Data Storage Management Design
★ Efficient Frame-Reference Handling and Multimedia-Metadata-Aware Player Design on Digital Set-Top Boxes
★ Developing E-Books with Digital Security: Efficient Update Module and Database Implementation
★ Developing Next-Generation IMS Client Software for Heterogeneous Wireless Broadband Systems
★ Designing and Implementing a Reconfigurable GUI on Portable Digital Set-Top Boxes
★ Friendly GUI design and possibility support for E-book Reader based Android client
★ Effective GUI Design and Memory Usage Management for Android-based Services
Files: Endnote RIS format; BibTeX format. Full text can be viewed in the system from 2028-7-1 onward.
Abstract (Chinese): In recent years, the proliferation of Advanced Persistent Threat (APT) groups has posed major challenges to cybersecurity professionals. To understand the relationships and similarities among these malicious groups effectively, a comprehensive and robust analysis method is needed. In this paper, we propose a novel weighted similarity measurement method that takes into account the various features and characteristics of APT groups. Our method uses categories such as MITRE ATT&CK techniques and software, target countries, and industries to capture the characteristics of each APT group. By analysing the connections and overlaps among these features, we can build a weighted similarity score that quantifies the degree of similarity between different APT groups. This score is essential for identifying potential associations, subgroups, or shared characteristics among malicious entities. To validate the effectiveness of our method, we conducted extensive experimental evaluation. The results show that our method can accurately assess the relationships between APT groups. Through the weighted similarity measurement, we achieve a more reliable and unbiased decision-making process for APT group analysis and clustering. The significance of our research lies in its potential to enhance the understanding of APT group dynamics and improve threat intelligence capabilities. By gaining a deep understanding of the similarities and connections between APT groups and clustering them, cybersecurity professionals can formulate more targeted and effective strategies to mitigate and respond to cyber threats from APT groups in the same cluster.
Abstract (English): In recent years, the rise of Advanced Persistent Threat (APT) groups has posed significant challenges to cybersecurity experts. To effectively understand the relationships and similarities among these groups, a comprehensive and robust analysis approach is required. In this article, we present a novel weighted similarity measurement method that considers various features and characteristics of APT groups. Our method leverages features such as MITRE ATT&CK Techniques and Software, target countries, and industries to capture the unique aspects of each APT group. By analyzing the connections and overlaps between these features, we can establish a weighted similarity score that quantifies the degree of similarity between different APT groups. This score is crucial in identifying potential associations, subgroups, or shared characteristics among malicious entities. To validate the effectiveness of our approach, we conducted extensive experimental evaluations. The results demonstrated the ability of our method to accurately assess the relationships among APT groups. By utilizing the proposed weighted similarity measurement, we achieved more reliable and unbiased decision-making processes in the field of APT group analysis and clustering. The significance of our research lies in its potential to enhance the understanding of APT group dynamics and improve threat intelligence capabilities. By gaining insights into the similarities and connections between APT groups, cybersecurity professionals can develop more targeted and effective strategies to mitigate and respond to cyber threats.
Keywords (Chinese) ★ Cyber threat intelligence
★ Feature importance
★ Weighted similarity measurement
★ MITRE ATT&CK
Keywords (English) ★ Cyber threat intelligence
★ Feature importance
★ Weighted Similarity Measurement
★ MITRE ATT&CK
Thesis table of contents
Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
1. Introduction
2. Background
2-1 Named Entity Recognition
2-2 MITRE ATT&CK
2-3 Feature Selection
2-4 Feature Crosses and Feature Concatenation
2-5 Weighted Cosine Similarity
2-6 Hierarchical Clustering
3. Related Work
3-1 Clustering Cyber Threat Intelligence
3-2 Clustering APT Groups
4. Solution
5. Experiment
5-1 Feature Extraction
5-2 Data Aggregation
5-3 Ground Truth Generation
5-4 Clustering Method
6. Evaluation
6-1 Feature Selection
6-2 Feature Crosses
6-3 Feature Concatenation
6-4 Comparison of Mathematical and Machine-Learning-Based Approaches
7. Conclusion
References
Advisor: 吳曉光 (Hsiao-kuang Wu)   Approval date: 2023-7-24
For questions about this thesis, contact the National Central University Library Extension Services Division, TEL: (03) 422-7151 ext. 57407, or by e-mail.