Threat intelligence attribution method based on graph attention mechanism

Cited by: 0
Authors
Wang, Ting [1 ,2 ]
Yan, Hanbing [2 ]
Lang, Bo [1 ]
Affiliations
[1] School of Computer Science and Engineering, Beihang University, Beijing
[2] National Computer Network Emergency Response Technical Team, Coordination Center of China, Beijing
Source
Beijing Hangkong Hangtian Daxue Xuebao/Journal of Beijing University of Aeronautics and Astronautics | 2024 / Vol. 50 / No. 07
Keywords
advanced persistent threat organization; attack source tracing; graph attention mechanism; knowledge graph; threat intelligence;
DOI
10.13700/j.bh.1001-5965.2022.0590
Abstract
Threat intelligence correlation analysis has become an effective way to trace the source of cyber attacks. Threat intelligence analysis reports on different advanced persistent threat (APT) organizations were crawled from public threat intelligence sources, and a threat intelligence report classification method based on a graph attention mechanism was proposed to determine whether a newly generated threat intelligence analysis report belongs to a known attack organization, so as to facilitate further expert analysis. The method designs a threat intelligence knowledge graph, extracts tactical and technical intelligence, mines the attributes of malicious samples, IP addresses and domain names, constructs a complex network from them, and uses a graph attention neural network to classify the threat intelligence report nodes. Evaluation indicates that the method achieves an accuracy rate of 78% while accounting for the uneven distribution of categories, which effectively achieves the purpose of judging the organization to which a threat intelligence report belongs. © 2024 Beijing University of Aeronautics and Astronautics (BUAA). All rights reserved.
Pages: 2293-2303
Page count: 10