Threat Actor Type Inference and Characterization within Cyber Threat Intelligence

by   Vasileios Mavroeidis, et al.

As the cyber threat landscape is constantly becoming increasingly complex and polymorphic, the more critical it becomes to understand the enemy and its modus operandi for anticipatory threat reduction. Even though the cybersecurity community has developed a certain maturity in describing and sharing technical indicators for informing defense components, we still struggle with non-uniform, unstructured, and ambiguous higher-level information such as threat actor context, thereby limiting our ability to correlate with different sources for deriving more contextual, accurate, and relevant intelligence. We see the need to overcome this limitation to increase our ability to produce and better operationalize cyber threat intelligence. Our research demonstrates how commonly agreed-upon controlled vocabularies for characterizing threat actors and their operations can be used to enrich cyber threat intelligence and infer new information at a higher contextual level that is explicable and queryable. In particular, we present an ontological approach for automatically inferring the types of threat actors based on their personas, understanding their nature, and capturing polymorphism and changes in their behavior and characteristics over time. Such an approach not only enables interoperability by providing a structured way and the means for sharing highly contextual cyber threat intelligence but also derives new information at machine speed and minimizes cognitive biases that manual classification approaches entail.


page 9

page 12


Using cyber threat intelligence to support adversary understanding applied to the Russia-Ukraine conflict

In military organizations, Cyber Threat Intelligence (CTI) supports cybe...

On the Integration of Course of Action Playbooks into Shareable Cyber Threat Intelligence

Motivated by the introduction of CACAO, the first open standard that har...

Towards Effective Cybercrime Intervention

Cybercrimes are on the rise, in part due to technological advancements, ...

Decaying Indicators of Compromise

The steady increase in the volume of indicators of compromise (IoC) as w...

Adaptive Target Recognition: A Case Study Involving Airport Baggage Screening

This work addresses the question whether it is possible to design a comp...

Please sign up or login with your details

Forgot password? Click here to reset