An Approach for Intelligent Behaviour-Based Threat Modelling with Explanations
2023 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN) (2023)
Abstract
To disrupt the emergence of novel threats, defenders must obtain insights into the attacker's behaviours through Tactics, Techniques, and Procedures (TTP) to establish adequate countermeasures. However, although detecting the usage of a subset of techniques is well documented and investigated, understanding the chaining of these techniques into a complete set of attack scenarios remains a manual process, prone to errors in complex and dynamic environments, such as software networks. In this paper, we propose a hybrid model for threat behaviour profiling. Our model exploits multimodal threat data using diverse real-time logs from virtualised environments to generate a novel dataset that maximises the explainability of a technique. Once a set of techniques is qualified, we leverage attack graphs and AI model explanations to correlate technique usage into attack scenarios describing the complete behaviour of a threat actor. Our proposed approach is generalizable to distributed and heterogeneous environments, making it a promising method against ever-evolving threats.
Keywords
Cyber-Threat Intelligence, Behaviour Modelling, Attack Graphs, Explainability, Correlation