Research field: Safety
Conference: International Conference on Digital Forensics and Cyber Crime
Advanced Persistent Threats (APTs) are sophisticated, stealthy, and intentional cyber-attacks that pose critical challenges to the global cybersecurity landscape. Many efforts have been made to combat APTs, among which threat attribution is considered one of the key pillars. The currently popular methods use Tactics, Techniques, and Procedures (TTPs) as features in the threat attribution task. However, according to our observation, these methods have a feature-granularity problem in representing TTPs, which affects the performance and explainability of threat attribution. In this paper, we propose a method that constructs attack technique schemas through large language models to model the implementation details of attack techniques, which provides more fine-grained features. We also design APTChaser, a system that automatically constructs attack technique schemas and technique profiles and outputs decision-aiding information for threat attribution. We evaluate the performance of APTChaser using the ATT&CK dataset and manually collected threat reports. The results show that, compared to our two baseline methods, APTChaser improves the Mean Reciprocal Ranking metric by 36.5% and 85.9%, respectively. Besides, our case study shows how APTChaser overcomes performance bottlenecks caused by the feature-granularity problem and provides more convincing and explainable attribution results, which supports security analysts in making better threat attribution decisions.
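The abstract reports its evaluation in terms of Mean Reciprocal Ranking (MRR) and relative improvement over baselines. The following added example, which is not code from the paper or from the APTChaser system, shows how that metric is computed for a threat attribution task: each threat report receives a ranked list of candidate APT groups, and the score rewards placing the true group near the top. All report identifiers, group names, and rankings below are constructed sample data, not values from the paper.

```python
from typing import Dict, List, Sequence

# Constructed sample data: the ground-truth APT group behind each threat report.
CONSTRUCTED_GROUND_TRUTH: Dict[str, str] = {
    "report-1": "GroupA",
    "report-2": "GroupB",
    "report-3": "GroupC",
    "report-4": "GroupD",
}

# Constructed rankings from a hypothetical attribution system (best candidate first).
CONSTRUCTED_SYSTEM_RANKINGS: Dict[str, List[str]] = {
    "report-1": ["GroupA", "GroupB", "GroupC"],            # true group at rank 1
    "report-2": ["GroupC", "GroupB", "GroupA"],            # true group at rank 2
    "report-3": ["GroupA", "GroupB", "GroupD", "GroupC"],  # true group at rank 4
    "report-4": ["GroupA", "GroupB"],                      # true group not ranked
}

# Constructed rankings from a hypothetical coarser-grained baseline.
CONSTRUCTED_BASELINE_RANKINGS: Dict[str, List[str]] = {
    "report-1": ["GroupB", "GroupA", "GroupC"],            # rank 2
    "report-2": ["GroupA", "GroupB", "GroupC"],            # rank 2
    "report-3": ["GroupA", "GroupB", "GroupD"],            # not ranked
    "report-4": ["GroupA", "GroupC"],                      # not ranked
}


def reciprocal_rank(ranking: Sequence[str], truth: str) -> float:
    """Return 1/position of the true group in the ranking, or 0.0 if absent."""
    for position, candidate in enumerate(ranking, start=1):
        if candidate == truth:
            return 1.0 / position
    return 0.0


def mean_reciprocal_rank(rankings: Dict[str, Sequence[str]],
                         ground_truth: Dict[str, str]) -> float:
    """Average reciprocal rank over every report in the ground truth.

    A report with no ranking at all counts as a miss (contributes 0),
    so a system cannot raise its score by skipping hard reports.
    """
    if not ground_truth:
        raise ValueError("ground truth must contain at least one report")
    total = sum(reciprocal_rank(rankings.get(report_id, []), truth)
                for report_id, truth in ground_truth.items())
    return total / len(ground_truth)


def relative_improvement(system_mrr: float, baseline_mrr: float) -> float:
    """Fractional MRR gain of a system over a baseline (0.25 means +25%)."""
    if baseline_mrr <= 0.0:
        raise ValueError("baseline MRR must be positive to compute a ratio")
    return (system_mrr - baseline_mrr) / baseline_mrr


if __name__ == "__main__":
    system = mean_reciprocal_rank(CONSTRUCTED_SYSTEM_RANKINGS, CONSTRUCTED_GROUND_TRUTH)
    baseline = mean_reciprocal_rank(CONSTRUCTED_BASELINE_RANKINGS, CONSTRUCTED_GROUND_TRUTH)
    print(f"system MRR   = {system:.4f}")    # (1 + 1/2 + 1/4 + 0) / 4 = 0.4375
    print(f"baseline MRR = {baseline:.4f}")  # (1/2 + 1/2 + 0 + 0) / 4 = 0.2500
    print(f"improvement  = {relative_improvement(system, baseline):.1%}")  # 75.0%
```

Because MRR only credits the position of the single correct group, an analyst-facing tool that lists its top candidates with supporting evidence (as the abstract describes for APTChaser) is scored on how far a reviewer must read before reaching the right answer, which is why a higher MRR translates directly into less triage effort.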
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | China |
| Site | Springer |
| Likes | 0 |