Clustering Using a Similarity Measure Approach Based on Semantic Analysis of Adversary Behaviors
| Field | Value |
|---|---|
| Title | Clustering Using a Similarity Measure Approach Based on Semantic Analysis of Adversary Behaviors |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Wang, W., Tang, B., Zhu, C., Liu, B., Li, A., Ding, Z. |
| Conference Name | 2020 IEEE Fifth International Conference on Data Science in Cyberspace (DSC) |
| Date Published | July 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-9558-2 |
| Keywords | adversary behaviors, Adversary Models, Analytical models, APT groups, Biological system modeling, Community discovery, community groups, complex networks, Human Behavior, Knowledge engineering, Meta path, Metrics, pattern clustering, pubcrawl, resilience, Resiliency, Scalability, security, security analysts, security of data, semantic analysis, semantic links, Semantics, shared information, similarity degree, similarity measure, similarity measure approach, Software, Standards, statistical characteristics, threat intelligence, three-layer model, tracking attacks |
| Abstract | Rapidly growing shared information for threat intelligence not only helps security analysts reduce time on tracking attacks, but also brings possibilities to research on adversaries' thinking and decisions, which is important for the further analysis of attackers' habits and preferences. In this paper, we analyze current models and frameworks used in threat intelligence that are suited to different modeling goals, and propose a three-layer model (Goal, Behavior, Capability) to study the statistical characteristics of APT groups. Based on the proposed model, we construct a knowledge network composed of adversary behaviors, and introduce a similarity measure approach to capture the similarity degree by considering different semantic links between groups. After calculating similarity degrees, we take advantage of the Girvan-Newman algorithm to discover community groups; the clustering result shows that community structures and boundaries do exist by analyzing the behavior of APT groups. |
| URL | https://ieeexplore.ieee.org/document/9194468 |
| DOI | 10.1109/DSC50466.2020.9194468 |
| Citation Key | wang_clustering_2020 |