Version 1: Received: 16 July 2024 / Approved: 17 July 2024 / Online: 17 July 2024 (10:17:40 CEST)
How to cite:
Gulbay, B.; Demirci, M. A Framework for Developing Strategic Cyber Threat Intelligence from Advanced Persistent Threat Analysis Reports Using Graph-Based Algorithms. Preprints 2024, 2024071408. https://doi.org/10.20944/preprints202407.1408.v1
APA Style
Gulbay, B., & Demirci, M. (2024). A Framework for Developing Strategic Cyber Threat Intelligence from Advanced Persistent Threat Analysis Reports Using Graph-Based Algorithms. Preprints. https://doi.org/10.20944/preprints202407.1408.v1
Chicago/Turabian Style
Gulbay, B. and Mehmet Demirci. 2024. "A Framework for Developing Strategic Cyber Threat Intelligence from Advanced Persistent Threat Analysis Reports Using Graph-Based Algorithms." Preprints. https://doi.org/10.20944/preprints202407.1408.v1
Abstract
Advanced persistent threat (APT) attacks are sophisticated and organized attacks commonly motivated by political, financial, and strategic objectives. APT reports are valuable sources for comprehending their tactics, techniques, and procedures (TTPs) and their indicators. While blue teams typically rely on server logs, firewall rules, and user authorizations managed in database tables, attackers have a graph-based mindset. In this work, we propose a framework for discovering and evaluating APTs using graph-based algorithms. Cyber threat intelligence (CTI) was extracted from 40,358 pages of APT reports and transformed into a graph. Centrality, community, and similarity analyses were executed on the graph. As a result, critical and influential APT groups and indicators of compromise (IoCs) were discovered, and similar attacks and APT groups were revealed. The analysis results were interpreted to create new strategic CTI that can be utilized in future security operations.
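The abstract describes three graph analyses run over CTI extracted from APT reports: centrality, community detection, and similarity. The following added example (not code from the paper or its authors) shows the shape of that pipeline on a tiny constructed graph: APT groups are linked to the attributes an analyst pulled from a report (ATT&CK technique IDs and IoCs), then degree centrality ranks the most connected groups and indicators, connected components serve as a simple community split, and Jaccard similarity over shared attributes finds groups that look alike. The group names and indicator values are placeholders invented for the example; the paper's own graph, algorithms, and data are not reproduced here, and only the Python standard library is used.

```python
from collections import deque
from itertools import combinations

# Constructed sample graph (placeholder group names, technique IDs and IoC
# values chosen for illustration; none of these come from the paper).
# Each edge links an APT group to one attribute extracted from a report.
EDGES = [
    ("GroupA", "T1566"),                 # phishing
    ("GroupA", "T1059"),                 # command and scripting interpreter
    ("GroupA", "ioc:cdn.example.invalid"),
    ("GroupB", "T1566"),
    ("GroupB", "T1059"),
    ("GroupB", "ioc:cdn.example.invalid"),
    ("GroupE", "T1566"),
    ("GroupC", "T1190"),                 # exploit public-facing application
    ("GroupC", "ioc:203.0.113.7"),       # documentation-range address
    ("GroupD", "T1190"),
]
GROUPS = {"GroupA", "GroupB", "GroupC", "GroupD", "GroupE"}


def build_adjacency(edges):
    """Undirected adjacency list: node -> set of neighbouring nodes."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def degree_centrality(adj):
    """Degree centrality normalised by (n - 1), so a node linked to every
    other node scores 1.0. High-scoring indicators are reused across groups;
    high-scoring groups have the widest reported footprint."""
    n = len(adj)
    return {node: len(nbrs) / (n - 1) for node, nbrs in adj.items()}


def jaccard(adj, u, v):
    """Similarity of two groups by the attributes they share in the graph."""
    a, b = adj.get(u, set()), adj.get(v, set())
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def communities(adj):
    """Connected components found by BFS; each component is one community.
    (A simple stand-in for the community detection the abstract mentions.)"""
    seen, comps = set(), []
    for start in adj:
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        seen.add(start)
        while queue:
            node = queue.popleft()
            comp.add(node)
            for nbr in adj[node]:
                if nbr not in seen:
                    seen.add(nbr)
                    queue.append(nbr)
        comps.append(frozenset(comp))
    return comps


def analyze(edges, groups):
    """Run the three analyses and return the headline findings."""
    adj = build_adjacency(edges)
    cent = degree_centrality(adj)
    # Ties are broken alphabetically so the result is deterministic.
    top_group = min(groups, key=lambda g: (-cent[g], g))
    top_indicator = min((n for n in adj if n not in groups),
                        key=lambda n: (-cent[n], n))
    pair = max(combinations(sorted(groups), 2),
               key=lambda p: jaccard(adj, *p))
    return {
        "top_group": top_group,
        "top_indicator": top_indicator,
        "communities": len(communities(adj)),
        "most_similar_pair": pair,
        "similarity": jaccard(adj, *pair),
    }


if __name__ == "__main__":
    for key, value in analyze(EDGES, GROUPS).items():
        print(f"{key}: {value}")
```

On the constructed graph, T1566 is the most central indicator because three groups report it, GroupA and GroupB are identical in their attributes (Jaccard 1.0), and the graph splits into two communities. On a real corpus the adjacency would be built from extracted entities rather than hand-written edges, and the components step would be replaced by a proper community algorithm, but the ranking and similarity logic is the same.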
Computer Science and Mathematics, Security Systems
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.