Proceedings of the 2017 2nd Joint International Information Technology, Mechanical and Electronic Engineering Conference (JIMEC 2017)

Association Analysis Of Cyber-Attack Attribution Based On Threat Intelligence

Authors
Qiang Li, Zeming Yang, Zhengwei Jiang, Baoxu Liu, Yuxia Fu
Corresponding Author
Qiang Li
Available Online October 2017.
DOI
10.2991/jimec-17.2017.49
Keywords
Association Analysis; Threat Intelligence; Cyber-attack Attribution; Constraint Analysis
Abstract

This paper presented an association analysis method for cyber-attack attribution based on threat intelligence. The method used the local advantage model to analyse threat intelligence data related to cyber-attack attribution, combining the intrusion kill chains model and the F2T2EA model. The paper then introduced and explained association analysis and the association analysis flow, which was composed of four parts: input, association analysis, constraint analysis and output. Four types of association analysis were then introduced: based on statistics, based on extension, based on behavior pattern and based on probability similarity. Because association analysis is a cyclic, iterative process, the paper recommended, in detail, hierarchical constraint, object constraint, feedback constraint and merged constraint. Finally, the proposed association analysis method was applied to a real emergency response case of a targeted attack. The case study showed that association analysis based on threat intelligence can uncover much useful information for cyber-attack attribution.

Copyright
© 2017, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Volume Title
Proceedings of the 2017 2nd Joint International Information Technology, Mechanical and Electronic Engineering Conference (JIMEC 2017)
Series
Advances in Computer Science Research
Publication Date
October 2017
ISBN
10.2991/jimec-17.2017.49
ISSN
2352-538X

Cite this article

TY  - CONF
AU  - Qiang Li
AU  - Zeming Yang
AU  - Zhengwei Jiang
AU  - Baoxu Liu
AU  - Yuxia Fu
PY  - 2017/10
DA  - 2017/10
TI  - Association Analysis Of Cyber-Attack Attribution Based On Threat Intelligence
BT  - Proceedings of the 2017 2nd Joint International Information Technology, Mechanical and Electronic Engineering Conference (JIMEC 2017)
PB  - Atlantis Press
SP  - 222
EP  - 230
SN  - 2352-538X
UR  - https://doi.org/10.2991/jimec-17.2017.49
DO  - 10.2991/jimec-17.2017.49
ID  - Li2017/10
ER  -