Formulation Of Association Rule Mining (ARM) For An Effective Cyber Attack Attribution In Cyber Threat Intelligence (CTI)

Abu, Md Sahrom and Ariffin, Aswami and Yusof, Robiah and Selamat, Siti Rahayu (2021) Formulation Of Association Rule Mining (ARM) For An Effective Cyber Attack Attribution In Cyber Threat Intelligence (CTI). International Journal Of Advanced Computer Science And Applications (IJACSA), 12 (4). pp. 134-143. ISSN 2158-107X

Abstract

In recent years, adversaries have improved their Tactics, Techniques and Procedures (TTPs) for launching cyberattacks, making them less predictable, more persistent, resourceful and better funded. Many organisations have therefore opted to use Cyber Threat Intelligence (CTI) in their security posture to attribute cyberattacks effectively. However, to fully leverage the massive amount of data in CTI for threat attribution, an organisation needs to focus more on discovering the hidden knowledge behind the voluminous data to produce an effective cyberattack attribution. Hence, this paper emphasises research on association analysis in the CTI process for cyberattack attribution. The aim of this paper is to formulate an association ruleset to perform the attribution process in CTI. The Apriori algorithm is used to formulate the association ruleset in the association analysis process, and the resulting ruleset is known as the CTI Association Ruleset (CTI-AR). Interestingness measures, specifically support (s), confidence (c) and lift (l), are used to measure the practicality and validity of the CTI-AR and to filter it. The results showed that CTI-AR effectively identifies the attributes, the relationships between attributes and the attribution level group of cyberattacks in CTI. This research has high potential to be expanded into the cyber threat hunting process to provide a more proactive cybersecurity environment.

Item Type: Article
Uncontrolled Keywords: Cyber Threat Intelligence (CTI), Association Rule Mining, Apriori Algorithm, Attribution, Interestingness Measures
Divisions: Faculty of Information and Communication Technology > Department of System and Computer Communication
Depositing User: Norfaradilla Idayu Ab. Ghafar
Date Deposited: 20 Dec 2021 13:00
Last Modified: 20 Dec 2021 13:00
URI: http://eprints.utem.edu.my/id/eprint/25367