Cyber Threat Inference Focused on Threat Class Sequence With Threat Class Sequence System

Bibliographic Details
Main Authors: Hyoungjun Kim, Jae-Yeol Kim, Kyung-Ho Lee
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access:https://ieeexplore.ieee.org/document/10857319/
Description
Summary: Cyber threats are becoming increasingly diverse, sophisticated, and intelligent, posing significant challenges across many domains. Among these threats, advanced persistent threat (APT) attacks are particularly concerning because of their sustained and intelligent assault tactics; they tend to continuously expand the scale of the damage as the attack progresses. This study develops novel attack-inference techniques for significantly minimizing cyberattack damage: by proactively identifying potential follow-on attacks, the impact of APT attacks is mitigated. Cyberattack points are anticipated, and attack types are discerned, using the compositional patterns of pretrained threat payloads and the continuous correlations inherent in these attacks. The cyber-threat inference method minimizes damage through early detection and blocking of successive attacks using a threat class sequence system (TCSS). Experiments were conducted on 12,054,842,738,181 real-world security device events collected from more than 420 companies. To assess the efficacy of TCSS in detecting connected attacks, a 39-month threat dataset comprising 27,832,130 instances manually analyzed by real-world security analysts was used. The analysis confirmed the necessity of TCSS, showing that it could identify 63.99% of successive attack patterns. Various experimental results demonstrate the superiority of TCSS over comparable methods, achieving a 98.73% post-connection attack detection rate. TCSS outperformed other similar methods in terms of true positive rate by 15.62% to 3.37%. By preemptively blocking persistent cyber threats, TCSS is highly effective in minimizing cyberattack damage. In particular, TCSS shows promising potential for proactive defense against cyberattacks, including APTs, in support of security operations center goals.
ISSN: 2169-3536