266 research outputs found

    A Machine Learning based Empirical Evaluation of Cyber Threat Actors High Level Attack Patterns over Low level Attack Patterns in Attributing Attacks

    Full text link
    Cyber threat attribution is the process of identifying the actor behind an attack incident in cyberspace. Accurate and timely attribution plays an important role in deterring future attacks by allowing appropriate defence mechanisms to be applied in time. Manual analysis of attack patterns gathered from honeypot deployments, intrusion detection systems, firewalls, and trace-back procedures is still the method security analysts prefer for cyber threat attribution. Such attack patterns are low-level Indicators of Compromise (IOCs). They represent the Tactics, Techniques and Procedures (TTPs) and software tools used by adversaries in their campaigns. Adversaries rarely re-use them, and they can also be manipulated, resulting in false and unfair attribution. To empirically evaluate and compare the effectiveness of both kinds of IOC, two problems need to be addressed. First, recent research has discussed the ineffectiveness of low-level IOCs for cyber threat attribution only intuitively; an empirical measure of their effectiveness on a real-world dataset is missing. Second, the available dataset for high-level IOCs has a single instance per predictive class label and cannot be used directly to train machine learning models. To address these problems, we empirically evaluate the effectiveness of low-level IOCs on a real-world dataset built specifically for comparative analysis with high-level IOCs. The experimental results show that models trained on high-level IOCs attribute cyberattacks with an accuracy of 95%, compared with 40% for models trained on low-level IOCs. Comment: 20 pages.
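The contrast the abstract draws, added here as a worked example that is not code from the paper: the same nearest-neighbour attribution (Jaccard similarity over feature sets, a stand-in for the paper's unspecified machine learning models) is run twice on constructed campaigns, once on high-level TTP features and once on low-level IOCs. Every actor name, TTP label, hash and hostname below is made up; the third held-out campaign carries a planted hash copied from another actor to show the manipulation risk the abstract mentions.

```python
"""Added example, not code from the paper: nearest-neighbour attribution over
feature sets, run on the same constructed campaigns at two feature levels,
high-level TTPs and low-level IOCs (hashes, C2 hosts). All names are made up."""

# Constructed training campaigns: (actor, high-level TTPs, low-level IOCs).
# Each actor keeps roughly the same tradecraft from campaign to campaign but
# rotates its hashes and infrastructure, as the abstract describes.
TRAIN = [
    ("ActorA", {"spearphish-attachment", "macro-dropper", "dns-tunnel-c2"},
               {"sha256:aaa111", "c2:upd-mail.example", "sha256:aaa222"}),
    ("ActorA", {"spearphish-attachment", "macro-dropper", "cred-dump-lsass"},
               {"sha256:aaa333", "c2:cdn-sync.example"}),
    ("ActorB", {"exploit-public-app", "webshell", "rdp-lateral"},
               {"sha256:bbb111", "c2:203.0.113.10"}),
    ("ActorB", {"exploit-public-app", "webshell", "archive-exfil"},
               {"sha256:bbb222", "c2:203.0.113.55"}),
]

# Constructed held-out campaigns to attribute. The third one carries a hash
# planted from ActorA (a false flag): the low-level level is manipulable.
TEST = [
    ("ActorA", {"spearphish-attachment", "macro-dropper", "dns-tunnel-c2"},
               {"sha256:aaa999", "c2:new-host.example"}),
    ("ActorB", {"exploit-public-app", "webshell", "rdp-lateral"},
               {"sha256:bbb999"}),
    ("ActorB", {"exploit-public-app", "webshell", "archive-exfil"},
               {"sha256:aaa111", "sha256:bbb777"}),
]

LEVEL = {"ttp": 1, "ioc": 2}  # index of the feature set inside each tuple


def jaccard(a, b):
    """Set overlap in [0, 1]; 0 when both sets are empty."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def attribute(features, level):
    """Nearest training campaign by Jaccard similarity at the chosen level.
    Returns ('unknown', 0.0) when nothing overlaps instead of guessing."""
    best_actor, best_score = "unknown", 0.0
    for campaign in TRAIN:
        score = jaccard(features, campaign[LEVEL[level]])
        if score > best_score:
            best_actor, best_score = campaign[0], score
    return best_actor, best_score


def accuracy(level):
    """Fraction of held-out campaigns attributed to the right actor."""
    hits = sum(attribute(c[LEVEL[level]], level)[0] == c[0] for c in TEST)
    return hits / len(TEST)


if __name__ == "__main__":
    for level in ("ttp", "ioc"):
        print(f"{level}: accuracy={accuracy(level):.2f}")
        for c in TEST:
            print("  true:", c[0], "->", attribute(c[LEVEL[level]], level))
```

On these constructed campaigns the TTP level attributes all three held-out campaigns correctly, while the IOC level returns "unknown" for the two campaigns with fresh infrastructure and is actively misled by the planted hash in the third. The numbers are illustrative only; the paper's 95% versus 40% comes from its own real-world dataset.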

    APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion

    Full text link
    Threat actor attribution is a crucial defense strategy for combating advanced persistent threats (APTs). Cyber threat intelligence (CTI), which involves analyzing multisource heterogeneous data from APTs, plays an important role in APT actor attribution. The current attribution methods extract features from different CTI perspectives and employ machine learning models to classify CTI reports according to their threat actors. However, these methods usually extract only one kind of feature and ignore heterogeneous information, especially the attributes and relations of indicators of compromise (IOCs), which form the core of CTI. To address these problems, we propose an APT actor attribution method based on multimodal and multilevel feature fusion (APT-MMF). First, we leverage a heterogeneous attributed graph to characterize APT reports and their IOC information. Then, we extract and fuse multimodal features, including attribute type features, natural language text features and topological relationship features, to construct comprehensive node representations. Furthermore, we design multilevel heterogeneous graph attention networks to learn the deep hidden features of APT report nodes; these networks integrate IOC type-level, metapath-based neighbor node-level, and metapath semantic-level attention. Utilizing multisource threat intelligence, we construct a heterogeneous attributed graph dataset for verification purposes. The experimental results show that our method not only outperforms the existing methods but also demonstrates its good interpretability for attribution analysis tasks
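The graph structure described above, as an added example that is not the APT-MMF implementation: CTI reports and typed IOCs become nodes of a heterogeneous attributed graph, and an unlabelled report is scored through its metapath-based neighbours (report, IOC, report), with a fixed per-type weight standing in for the learned IOC type-level attention. The reports, actor labels, IOC values and the weights are all constructed for illustration.

```python
"""Added example, not the APT-MMF code: a heterogeneous attributed graph of
report nodes and typed IOC nodes, with attribution scores and evidence from
metapath-based neighbours (report -> IOC -> report). All data is constructed."""
from collections import defaultdict

# Constructed CTI reports: report id -> (actor label or None, extracted IOCs as
# (ioc_type, value)). R5 is the unlabelled report we want to attribute.
REPORTS = {
    "R1": ("ActorA", [("domain", "update-cdn.example"), ("mutex", "Global\\svc_upd"),
                      ("hash", "h-a1")]),
    "R2": ("ActorA", [("domain", "update-cdn.example"), ("hash", "h-a2")]),
    "R3": ("ActorB", [("domain", "files-share.example"), ("mutex", "Global\\ws_lock"),
                      ("hash", "h-b1")]),
    "R4": ("ActorB", [("hash", "h-b2"), ("ip", "203.0.113.10")]),
    "R5": (None, [("mutex", "Global\\svc_upd"), ("domain", "update-cdn.example"),
                  ("hash", "h-new"), ("ip", "203.0.113.10")]),
}

# Assumed type-level weights (a fixed stand-in for learned type-level
# attention): artefacts that persist across campaigns count more than a
# shared IP that may belong to commodity hosting.
TYPE_WEIGHT = {"mutex": 1.5, "domain": 1.0, "hash": 2.0, "ip": 0.5}


def build_graph(reports):
    """Bipartite adjacency: report -> IOC nodes and IOC node -> reports.
    An IOC node is keyed by (type, value) so equal values of different
    types stay distinct."""
    r2i, i2r = defaultdict(set), defaultdict(set)
    for rid, (_, iocs) in reports.items():
        for ioc in iocs:
            r2i[rid].add(ioc)
            i2r[ioc].add(rid)
    return r2i, i2r


def metapath_neighbours(rid, r2i, i2r):
    """Other reports reachable via report -> IOC -> report, together with the
    IOC forming each metapath instance (the evidence used for explanation)."""
    neigh = defaultdict(list)
    for ioc in r2i[rid]:
        for other in i2r[ioc]:
            if other != rid:
                neigh[other].append(ioc)
    return dict(neigh)


def attribute(rid, reports=REPORTS):
    """Weighted vote over labelled metapath neighbours.
    Returns (best_actor, scores_by_actor, sorted evidence rows)."""
    r2i, i2r = build_graph(reports)
    scores, evidence = defaultdict(float), []
    for other, shared in metapath_neighbours(rid, r2i, i2r).items():
        actor = reports[other][0]
        if actor is None:
            continue  # an unlabelled neighbour cannot vote
        for ioc_type, value in shared:
            scores[actor] += TYPE_WEIGHT.get(ioc_type, 0.0)
            evidence.append((actor, other, ioc_type, value))
    if not scores:
        return "unknown", {}, evidence
    best = max(scores, key=scores.get)
    return best, dict(scores), sorted(evidence)


if __name__ == "__main__":
    actor, scores, evidence = attribute("R5")
    print("R5 ->", actor, scores)
    for row in evidence:
        print("  via", row)
```

The evidence list is what makes the vote explainable: for R5 it names the shared mutex and domain that tie it to ActorA's reports and the single shared IP that ties it to ActorB, so an analyst can see which IOC types drove the score rather than only the final label.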

    DMAPT: Study of Data Mining and Machine Learning Techniques in Advanced Persistent Threat Attribution and Detection

    Get PDF
    Modern malware is intelligent enough to hide its presence and perform stealthy operations in the background. An Advanced Persistent Threat (APT) is one such kind of malware attack on sensitive corporate and banking networks, designed to stay there undetected for a long time. In live corporate networks, identifying the presence of intruders is a major challenge for security experts. Recent APT attacks such as Carbanak, The Big Bang, and the Red Echo attack (targeting the Indian power sector) are ringing alarms globally. New data exfiltration methods and advances in malware techniques are the two main reasons for the rapid and robust evolution of APTs. Although many traditional and hybrid methods are available to detect this stealthy malware, the number of target-specific attacks is increasing rapidly at the global level. Attackers have been crafting payloads that resist malware sandbox environments, so traditional sandboxing techniques may not work for detecting this APT malware. In this paper, we shed light on the various data mining and machine learning techniques and frameworks used in both attribution and detection of APT malware. In addition, our work highlights a gap analysis and the need for a paradigm shift in existing techniques to deal with evolving modern APT malware.

    The Computational System To Classify Cyber Crime Offenses With Twitter Dataset Using Effdt Classification

    Get PDF
    The rapid growth of the Internet in the current decade enables users to access it for day-to-day activities. People use the Internet for many purposes: entertainment, transactions, education and business. At the same time, cyber-crime has increased equally, in terms of handling the massive data held in the cloud through access failures. Cyber-crimes are continually increasing, and so is the need to reduce cyber-attacks on data stored in the cloud. Existing frameworks and approaches fail to control cybercrime attacks, and the workload of officers increases because predictive control fails. The present study focuses on developing an effective computational method, using a machine learning algorithm, to analyse the cybercrime rate and to classify cybercrimes. The system uses Natural Language Processing (NLP) to process the text data. The Particle Swarm Optimization algorithm is used to extract features from the text. The main process is the feed-forward decision tree (EFFDT) algorithm of the title, used to classify text into which any cyber assault has been injected. The main operation is to clean the text, extract its features and classify the test text data using an SVM classifier and a K-nearest-neighbour classifier in order to obtain the most efficient classifier.

    Cybercrime and Cybersecurity in Fintech: A Systematic Literature Review (original title: Cybercrime dan Cybersecurity pada Fintech: Sebuah Tinjauan Pustaka Sistematis)

    Get PDF
    This study aims to identify the cybercrime challenges faced by the fintech industry as well as the anticipatory actions, in the form of cybersecurity, taken to overcome them. It employs a systematic literature review of articles discussing cybercrime and cybersecurity in fintech published in reputable online databases. The findings indicate that cybercrime problems in fintech consist of cybercrime regulations that are not strict, data and information theft, and intellectual property theft, all of which damage the reputation of fintech firms. Cybersecurity as an attempt to tackle cybercrime in fintech can be pursued through proactive action, strengthening regulations, and establishing a reliable cybersecurity framework or procedure. The implication of this research is an additional reference for academics, practitioners, regulators, and fintech actors on the fast-paced development of cybercrime and cybersecurity in fintech. Its limitation is that it only provides an overview and elaborates the results of prior studies instead of analysing the relationships between the articles discussed. Further research could widen the scope of the articles studied, apply other literature review methods, or conduct empirical research to confirm these results.

    Artificial Intelligence & Machine Learning in Finance: A literature review

    Get PDF
    In the 2020s, Artificial Intelligence (AI) has increasingly become a dominant technology, and thanks to new computing technologies Machine Learning (ML) has also grown remarkably in recent years; AI, however, needs notable innovation from data scientists and engineers to evolve. In this paper we therefore aim to trace the intellectual development of AI and ML in finance research, adopting a scoping review combined with an embedded review to pursue and scrutinize the uses of these concepts. For the technical literature review, we follow the five stages of the scoping review methodology together with Donthu et al.'s (2021) bibliometric review method. The article highlights trends in AI and ML applications (from 1989 to 2022) in the financial field in both developed and emerging countries. The main purpose is to bring out the details of the many studies that elucidate the use of AI and ML in finance. The findings are summarized under seven fields: (1) Portfolio Management and Robo-Advisory, (2) Risk Management and Financial Distress, (3) Financial Fraud Detection and Anti-Money Laundering, (4) Sentiment Analysis and Investor Behaviour, (5) Algorithmic Stock Market Prediction and High-Frequency Trading, (6) Data Protection and Cybersecurity, (7) Big Data Analytics, Blockchain and FinTech. For each field we show how research in AI and ML enhances the current financial sector, and what it contributes in terms of possibilities and solutions for myriad financial institutions and organizations. We conclude with a global map review of 110 documents across the seven fields of AI and ML application. Keywords: Artificial Intelligence, Machine Learning, Finance, Scoping review, Casablanca Exchange Market. JEL Classification: C80. Paper type: Theoretical Research.

    Financial Technology in the Financial Industry: A Survey Paper (original title: Financial Technology dalam Industri Finansial: Survey Paper)

    Get PDF
    This paper explains the meaning and uses of financial technology in the financial industry. Many in the financial field use it as an innovation. Fintech is a new term for an advanced technology that makes use of the internet. Financial technology can also support services for managing finances by making use of digital means in the form of big data, blockchain and investment in the financial field. This study concludes that the application of financial technology involves technologies that can support the service: artificial intelligence (AI) for its algorithms, big data to understand customer behaviour, and blockchain to connect the networks that take part in supporting the service.

    Malware: the never-ending arm race

    Get PDF
    "Antivirus is dead", and probably so is every detection system that focuses on a single strategy for indicators of compromise. This famous statement, made in 2014 by Brian Dye, Symantec's senior vice president, is the best representation of the current situation in malware detection and mitigation. Concealment strategies have evolved significantly in recent years: not only the classical ones based on polymorphic and metamorphic methodologies, which killed the signature-based detection that antiviruses rely on, but also fileless malware, i.e. malware resident only in volatile memory, which makes any disk-based analysis pointless. This review provides a historical background of the different concealment strategies introduced to protect malicious (and not necessarily malicious) software from different detection or analysis techniques. It covers binary, static and dynamic analysis, and also new strategies based on machine learning, from both the attackers' and the defenders' perspectives.
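The single-strategy failure the abstract refers to, shown as an added example that is not code from the review: a byte-signature scanner catches the constructed payload on disk, a toy polymorphic packer (single-byte XOR behind a marker standing in for a decoder stub) defeats that same signature for every key, and a second, independent strategy, scanning the decoded image as it would exist in memory, catches every variant. The payload, signature and packer are all constructed toys; no real malware or real detection engine is involved.

```python
"""Added example, not code from the review: a static byte signature versus a
polymorphic re-encoding of the same payload, then a second strategy (unpack,
as execution in memory would, and scan the result). Everything here is a toy."""

PAYLOAD = b"PAYLOAD:connect-c2;persist;exfil"  # constructed stand-in for malicious code
SIGNATURE = b"connect-c2;persist"               # byte pattern a static signature keys on
STUB = b"STUB"                                  # marker standing in for a decoder stub


def signature_scan(sample: bytes) -> bool:
    """Classic signature detection: does the static byte pattern occur?"""
    return SIGNATURE in sample


def polymorph(payload: bytes, key: int) -> bytes:
    """Toy polymorphic packer: stub + key byte + single-byte-XOR body.
    Same behaviour after decoding, different bytes on disk for every key."""
    if not 0 <= key <= 255:
        raise ValueError("key must be one byte")
    return STUB + bytes([key]) + bytes(b ^ key for b in payload)


def unpack(sample: bytes) -> bytes:
    """The memory-resident image once the stub has run; non-packed input is
    returned unchanged so the scanner can be applied uniformly."""
    if not sample.startswith(STUB) or len(sample) < len(STUB) + 1:
        return sample
    key = sample[len(STUB)]
    return bytes(b ^ key for b in sample[len(STUB) + 1:])


def scan_after_unpack(sample: bytes) -> bool:
    """Second, independent strategy: scan the decoded image, not the disk bytes."""
    return signature_scan(unpack(sample))


def evading_variants(payload: bytes = PAYLOAD) -> int:
    """Number of the 255 non-trivial keys whose variant the static signature misses."""
    return sum(not signature_scan(polymorph(payload, k)) for k in range(1, 256))


if __name__ == "__main__":
    variant = polymorph(PAYLOAD, 0x5A)
    print("static signature on original :", signature_scan(PAYLOAD))
    print("static signature on variant  :", signature_scan(variant))
    print("signature after unpacking    :", scan_after_unpack(variant))
    print("variants evading static scan :", evading_variants(), "/ 255")
```

Note what the second strategy does not buy: a signature on the stub marker itself would be just another static pattern, and a metamorphic engine that rewrites the stub per sample would kill it the same way. That is the point of the quote: any detector built on one strategy is only as durable as that one strategy.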

    Digital Weapons of Mass Destabilization

    Get PDF
    In the coming decade, a global proliferation of networked technologies will widen the cyber threat landscape. Pairing new and unforeseen cyber vulnerabilities with weapons of mass destruction (WMD) increases the secondary threats that cyber attacks bring and also necessitates a shift in definitions. WMD will become weapons of mass destabilization, allowing adversaries to gain strategic advantage in novel ways. Altering this definition provides clarity and specific actions that can be taken to disrupt, mitigate and recover from this combined threat. Additionally, a new class of Digital WMD (DWMD) will emerge, threatening military, government, and civilian targets worldwide. These combined and new threats will require the expansion of current defensive and mitigation activities, partnerships, and preparation.