Biblio

Recently, most of the processes are being computerized, due to the development of information and communication technology. In proportion to this, cyber-attacks are also increasing, and state-sponsored cyber-attacks are becoming a great threat to the country. These attacks are often composed of stages and proceed step-by-step, so for defense, it is necessary to predict the next action and perform appropriate mitigation. To this end, the paper proposes a mitigation-based performance evaluation method. We developed the new true positive which can have a value between 0 and 1 according to the mitigation. The experiment result and case studies show that the proposed method can effectively measure forecasting results under cyber security defense system.

Tactics Techniques and Procedures (TTPs) in cyber domain is an important threat information that describes the behavior and attack patterns of an adversary. Timely identification of associations between TTPs can lead to effective strategy for diagnosing the Cyber Threat Actors (CTAs) and their attack vectors. This study profiles the prevalence and regularities in the TTPs of CTAs. We developed a machine learning-based framework that takes as input Cyber Threat Intelligence (CTI) documents, selects the most prevalent TTPs with high information gain as features and based on them mine interesting regularities between TTPs using Association Rule Mining (ARM). We evaluated the proposed framework with publicly available TTPbased CTI documents. The results show that there are 28 TTPs more prevalent than the other TTPs. Our system identified 155 interesting association rules among the TTPs of CTAs. A summary of these rules is given to effectively investigate threats in the network.