Expert Insights into Advanced Persistent Threats: Analysis, Attribution, and Challenges

Saha, Aakanksha; Mattei, James; Blasco, Jorge; Cavallaro, Lorenzo; Votipka, Daniel; Lindorfer, Martina

DC Field

Value

Language

dc.contributor.author

Saha, Aakanksha

dc.contributor.author

Mattei, James

dc.contributor.author

Blasco, Jorge

dc.contributor.author

Cavallaro, Lorenzo

dc.contributor.author

Votipka, Daniel

dc.contributor.author

Lindorfer, Martina

dc.date.accessioned

2026-01-07T13:59:39Z

dc.date.available

2026-01-07T13:59:39Z

dc.date.issued

2025-08-13

dc.identifier.citation

<div class="csl-bib-body"> <div class="csl-entry">Saha, A., Mattei, J., Blasco, J., Cavallaro, L., Votipka, D., & Lindorfer, M. (2025). Expert Insights into Advanced Persistent Threats: Analysis, Attribution, and Challenges. In <i>Proceedings of the USENIX Security Symposium (USENIX Sec)</i>. USENIX Security Symposium (USENIX Sec), Seattle, United States of America (the).</div> </div>

dc.identifier.uri

http://hdl.handle.net/20.500.12708/223686

dc.description.abstract

Advanced Persistent Threats (APTs) are sophisticated and targeted threats that demand significant effort from analysts for detection and attribution. Researchers have developed various techniques to support these efforts. However, security practitioners’ perceptions and challenges in analyzing APT- level threats are not yet well understood. To address this gap, we conducted semi-structured interviews with 15 security practitioners across diverse roles and expertise. From the interview responses, we identify a three-layer approach to APT attribution, each having its own goals and challenges. We find that practitioners typically prioritize understanding the adversary’s tactics, techniques, procedures (TTPs), and motivations over identifying the specific entity behind an attack. We also find challenges in existing tools and processes mostly stemming from their inability to handle diverse and complex data and issues with both internal and external collaboration. Based on these findings, we provide four recommendations for improving attribution approaches and discuss how these improvements can address the identified challenges.

dc.description.sponsorship

WWTF Wiener Wissenschafts-, Forschu und Technologiefonds

dc.language.iso

dc.subject

malware

dc.subject

advanced persistant threats

dc.subject

expert study

dc.subject

attribution

dc.subject

cyber threat intelligence

dc.subject

targeted attacks

dc.title

Expert Insights into Advanced Persistent Threats: Analysis, Attribution, and Challenges

dc.type

Inproceedings

dc.type

Konferenzbeitrag

dc.contributor.affiliation

Tufts University, United States of America (the)

dc.contributor.affiliation

Universidad Politécnica de Madrid, Spain

dc.contributor.affiliation

University College London, United Kingdom of Great Britain and Northern Ireland (the)

dc.contributor.affiliation

Tufts University, United States of America (the)

dc.relation.grantno

ICT19-056

dc.type.category

Full-Paper Contribution

tuw.booktitle

Proceedings of the USENIX Security Symposium (USENIX Sec)

tuw.peerreviewed

true

tuw.project.title

IoTIO: Analyse des Internet der Unsicheren Dinge

tuw.researchTopic.id

tuw.researchTopic.name

Information Systems Engineering

tuw.researchTopic.value

100

tuw.linking

https://osf.io/hjdk2/

tuw.publication.orgunit

E192-06 - Forschungsbereich Security and Privacy

tuw.publication.orgunit

E056-10 - Fachbereich SecInt-Secure and Intelligent Human-Centric Digital Technologies

tuw.author.orcid

0000-0002-0484-3596

tuw.author.orcid

0000-0003-4392-9023

tuw.author.orcid

0000-0002-3878-2680

tuw.author.orcid

0000-0001-9985-250X

tuw.author.orcid

0000-0001-7001-4481

tuw.event.name

USENIX Security Symposium (USENIX Sec)

tuw.event.startdate

13-08-2025

tuw.event.enddate

15-12-2025

tuw.event.online

On Site

tuw.event.type

Event for scientific audience

tuw.event.place

Seattle

tuw.event.country

tuw.event.presenter

Saha, Aakanksha

tuw.event.track

Multi Track

wb.sciencebranch

Informatik

wb.sciencebranch

Mathematik

wb.sciencebranch.oefos

1020

wb.sciencebranch.oefos

1010

wb.sciencebranch.value

item.grantfulltext

restricted

item.languageiso639-1

item.cerifentitytype

Publications

item.openairecristype

http://purl.org/coar/resource_type/c_5794

item.fulltext

no Fulltext

item.openairetype

conference paper

crisitem.author.dept

E192-06 - Forschungsbereich Security and Privacy

crisitem.author.dept

Tufts University, United States of America (the)

crisitem.author.dept

Universidad Politécnica de Madrid, Spain

crisitem.author.dept

University College London, United Kingdom of Great Britain and Northern Ireland (the)

crisitem.author.dept

Tufts University, United States of America (the)

crisitem.author.dept

E192-06 - Forschungsbereich Security and Privacy

crisitem.author.orcid

0000-0002-0484-3596

crisitem.author.orcid

0000-0003-4392-9023

crisitem.author.orcid

0000-0002-3878-2680

crisitem.author.orcid

0000-0001-9985-250X

crisitem.author.orcid

0000-0001-7001-4481

crisitem.author.parentorg

E192 - Institut für Logic and Computation

crisitem.author.parentorg

E192 - Institut für Logic and Computation

crisitem.project.funder

WWTF Wiener Wissenschafts-, Forschu und Technologiefonds

crisitem.project.grantno

ICT19-056

Appears in Collections:

Conference Paper

Show simple item record

Page view(s)

checked on Jan 7, 2026

Download(s)

checked on Jan 7, 2026

Google Scholar^TM

Check

Page view(s)

Download(s)

Google ScholarTM

Google Scholar^TM