Cyber Threat Inference Focused on Threat Class Sequence With Threat Class Sequence System
Cyber threats are becoming increasingly diverse, sophisticated, and intelligent, posing significant challenges in various domains. Among these threats, advanced persistent threat (APT) attacks are particularly concerning because of sustained and intelligent assault tactics. These attacks have a tendency to continuously expand the scale of the damage during the attack stage. This study developed novel attack-inference techniques for significantly minimizing cyberattack damage. By proactively identifying potential additional attacks, the impact of APT attacks is mitigated. Cyberattack points are anticipated, and attack types are discerned using the compositional patterns of pretrained threat payloads and the continuous correlations inherent in these attacks. The cyber-threat inference method minimizes damage through early detection and blocking of successive attacks using a threat class sequence system (TCSS). Experiments were conducted using 12,054,842,738,181 extensive real-world security device events collected by more than 420 companies. To assess the efficacy of TCSS in detecting connected attacks, a 39-month threat dataset comprising 27,832,130 instances manually analyzed by real-world security analysts was utilized. The analysis confirmed the necessity of TCSS, revealing it could identify 63.99% of successive attack patterns. Various experimental results demonstrate the superiority of TCSS over comparable methods, achieving an impressive 98.73% post-connection attack detection rate. TCSS outperformed other similar methods in terms of true positive rate by 15.62% to 3.37%. By preemptively blocking persistent cyber threats, TCSS is highly effective in minimizing cyberattack damage. In particular, TCSS shows promising potential for proactive defense of cyberattacks, including APT in security operations center goals.

Saved in:

| Field | Value |
|---|---|
| Main Authors: | Hyoungjun Kim, Jae-Yeol Kim, Kyung-Ho Lee |
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | APT; chain-rule; correlation analysis; cyberattack; real threat datasets; security operations center |
| Online Access: | https://ieeexplore.ieee.org/document/10857319/ |

Record fields:

| Field | Value |
|---|---|
| _version_ | 1832088074143662080 |
| author / author_facet | Hyoungjun Kim; Jae-Yeol Kim; Kyung-Ho Lee |
| author_sort | Hyoungjun Kim |
| collection | DOAJ |
| description | Abstract (full text above) |
| format | Article |
| id | doaj-art-c14410121604480a8a88c62b49812849 |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | Concatenated index string; its components are listed below |
| spellingShingle | Hyoungjun Kim; Jae-Yeol Kim; Kyung-Ho Lee; Cyber Threat Inference Focused on Threat Class Sequence With Threat Class Sequence System; IEEE Access; APT; chain-rule; correlation analysis; cyberattack; real threat datasets; security operations center |
| title / title_full / title_fullStr / title_full_unstemmed / title_short | Cyber Threat Inference Focused on Threat Class Sequence With Threat Class Sequence System |
| title_sort | cyber threat inference focused on threat class sequence with threat class sequence system |
| topic | APT; chain-rule; correlation analysis; cyberattack; real threat datasets; security operations center |
| url | https://ieeexplore.ieee.org/document/10857319/ |
| work_keys_str_mv | AT hyoungjunkim cyberthreatinferencefocusedonthreatclasssequencewiththreatclasssequencesystem; AT jaeyeolkim cyberthreatinferencefocusedonthreatclasssequencewiththreatclasssequencesystem; AT kyungholee cyberthreatinferencefocusedonthreatclasssequencewiththreatclasssequencesystem |

Components of the `spelling` index string, in the order they appear:

- Record id: doaj-art-c14410121604480a8a88c62b49812849, indexed 2025-02-06T00:00:29Z
- Language: eng; publisher: IEEE; journal: IEEE Access, ISSN 2169-3536
- Published 2025-01-01, volume 13, pages 21665-21677
- DOI: 10.1109/ACCESS.2025.3536011; IEEE Xplore document 10857319
- Title: Cyber Threat Inference Focused on Threat Class Sequence With Threat Class Sequence System
- Authors: Hyoungjun Kim (https://orcid.org/0009-0009-6612-8537); Jae-Yeol Kim (https://orcid.org/0009-0007-7363-9621); Kyung-Ho Lee (https://orcid.org/0000-0002-5183-5927)
- Affiliations as listed: Graduate School of Information Security, Korea University, Seoul, South Korea; Graduate School of Public Policy and Information Technology, Seoul National University of Science and Technology, Seoul, South Korea; Graduate School of Information Security, Korea University, Seoul, South Korea
- Abstract: as given above
- URL: https://ieeexplore.ieee.org/document/10857319/
- Keywords: APT; chain-rule; correlation analysis; cyberattack; real threat datasets; security operations center