IPAttributor: Cyber Attacker Attribution with Threat Intelligence-Enriched Intrusion Data
Xiayu Xiang,
Hao Liu,
Liyi Zeng,
Huan Zhang and
Zhaoquan Gu
Additional contact information
Xiayu Xiang: Department of New Networks, Peng Cheng Laboratory, Shenzhen 518000, China
Hao Liu: School of Computer Science, Harbin Institute of Technology (Shenzhen), Shenzhen 518000, China
Liyi Zeng: Department of New Networks, Peng Cheng Laboratory, Shenzhen 518000, China
Huan Zhang: Department of New Networks, Peng Cheng Laboratory, Shenzhen 518000, China
Zhaoquan Gu: Department of New Networks, Peng Cheng Laboratory, Shenzhen 518000, China
Mathematics, 2024, vol. 12, issue 9, 1-19
Abstract:
In the dynamic landscape of cyberspace, organizations face a myriad of coordinated advanced threats that challenge the traditional defense paradigm. Cyber Threat Intelligence (CTI) plays a crucial role, providing in-depth insights into adversary groups and enhancing the detection and neutralization of complex cyber attacks. However, attributing attacks poses significant challenges because existing approaches rely on malware samples or network detection data alone, which falls short of comprehensively profiling attackers. This paper proposes an IPv4-based threat attribution model, IPAttributor, that improves attack characterization by merging a real-world network behavior dataset comprising 39,707 intrusion entries with commercial threat intelligence from three distinct sources, offering a more nuanced context. A total of 30 features were utilized from the enriched dataset for each IP to create a feature matrix that assesses the similarity and linkage of associated IPs, and a dynamic weighted threat segmentation algorithm was employed to discern attacker communities. The experiments affirm the efficacy of our method in pinpointing attackers sharing a common origin, achieving a highest accuracy of 88.89%. Our study advances the relatively underexplored line of work on cyber attacker attribution, with a specific interest in IP-based attribution strategies, thereby enhancing the overall understanding of attacker groups, their capabilities and their intentions.
Keywords: cyber threat intelligence; attacker attribution; APT; community discovery
JEL-codes: C
Date: 2024
Downloads: (external link)
https://www.mdpi.com/2227-7390/12/9/1364/pdf (application/pdf)
https://www.mdpi.com/2227-7390/12/9/1364/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jmathe:v:12:y:2024:i:9:p:1364-:d:1386457
Mathematics is currently edited by Ms. Emma He