<div class="csl-bib-body">
<div class="csl-entry">Saha, A., Blasco, J., Cavallaro, L., & Lindorfer, M. (2024). ADAPT it! Automating APT Campaign and Group Attribution by Leveraging and Linking Heterogeneous Files. In <i>RAID ’24: Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses</i> (pp. 114–129). Association for Computing Machinery. https://doi.org/10.1145/3678890.3678909</div>
</div>
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/203804
-
dc.description.abstract
Recent years have witnessed a surge in the growth of Advanced Persistent Threats (APTs), with significant challenges to the security landscape, affecting industry, governance, and democracy. The ever-growing number of actors and the complexity of their campaigns have made it difficult for defenders to track and attribute these malicious activities effectively. Traditionally, researchers relied on threat intelligence to track APTs. However, this often led to fragmented information, delays in connecting campaigns with specific threat groups, and misattribution.
In response to these challenges, we introduce ADAPT, a machine learning-based approach for automatically attributing APTs at two levels: (1) the threat campaign level, to identify samples with similar objectives and (2) the threat group level, to identify samples operated by the same entity. ADAPT supports a variety of heterogeneous file types targeting different platforms, including executables and documents, and uses linking features to find connections between them. We evaluate ADAPT on a reference dataset from MITRE as well as a comprehensive, label-standardized dataset of 6,134 APT samples belonging to 92 threat groups. Using real-world case studies, we demonstrate that ADAPT effectively identifies clusters representing threat campaigns and associates them with their respective groups.
en
dc.description.sponsorship
WWTF Wiener Wissenschafts-, Forschungs- und Technologiefonds
-
dc.language.iso
en
-
dc.rights.uri
http://creativecommons.org/licenses/by/4.0/
-
dc.subject
malware
en
dc.subject
advanced persistent threats (APTs)
en
dc.subject
attribution
en
dc.subject
clustering
en
dc.subject
threat campaigns
en
dc.subject
threat groups
en
dc.subject
malicious documents
en
dc.subject
malicious executables
en
dc.subject
heterogeneous file types
en
dc.title
ADAPT it! Automating APT Campaign and Group Attribution by Leveraging and Linking Heterogeneous Files