Threat Actor Type Inference and Characterization within Cyber Threat Intelligence

by   Vasileios Mavroeidis, et al.

As the cyber threat landscape is constantly becoming increasingly complex and polymorphic, the more critical it becomes to understand the enemy and its modus operandi for anticipatory threat reduction. Even though the cybersecurity community has developed a certain maturity in describing and sharing technical indicators for informing defense components, we still struggle with non-uniform, unstructured, and ambiguous higher-level information such as threat actor context, thereby limiting our ability to correlate with different sources for deriving more contextual, accurate, and relevant intelligence. We see the need to overcome this limitation to increase our ability to produce and better operationalize cyber threat intelligence. Our research demonstrates how commonly agreed-upon controlled vocabularies for characterizing threat actors and their operations can be used to enrich cyber threat intelligence and infer new information at a higher contextual level that is explicable and queryable. In particular, we present an ontological approach for automatically inferring the types of threat actors based on their personas, understanding their nature, and capturing polymorphism and changes in their behavior and characteristics over time. Such an approach not only enables interoperability by providing a structured way and the means for sharing highly contextual cyber threat intelligence but also derives new information at machine speed and minimizes cognitive biases that manual classification approaches entail.



There are no comments yet.


page 9

page 12


Using cyber threat intelligence to support adversary understanding applied to the Russia-Ukraine conflict

In military organizations, Cyber Threat Intelligence (CTI) supports cybe...

Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the 'Hacktivist' Threat to Critical Infrastructure

The hacktivist threat actor is listed in many risk decision documents. Y...

On the Integration of Course of Action Playbooks into Shareable Cyber Threat Intelligence

Motivated by the introduction of CACAO, the first open standard that har...

Cybonto: Towards Human Cognitive Digital Twins for Cybersecurity

Cyber defense is reactive and slow. On average, the time-to-remedy is hu...

Adaptive Target Recognition: A Case Study Involving Airport Baggage Screening

This work addresses the question whether it is possible to design a comp...

Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence

Log-based cyber threat hunting has emerged as an important solution to c...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.