Association Analysis Of Cyber-Attack Attribution Based On Threat Intelligence

This paper presented an association analysis method in cyber-attack attribution based on threat intelligence. The method used the local advantage model to analyse the data related to threat intelligence in cyber-attack attribution by combining the intrusion kill chains model and F2T2EA model. Then, this paper introduced and explained association analysis as well as association analysis flow. This flow was composed of four parts: input, association analysis, constraint analysis and output. Then, four types of association analysis were introduced: based on statistic, based on extension, based on behavior pattern and based on probability similarity. Considering about that association analysis is a cyclic iteration process, hierarchical constraint, object constraint, feedback constraint and merged constraint are recommended in detail. Finally, the proposed association analysis method was used in a real emergency response case of targeted attack. The result of case study showed that we can find out much useful information for cyber-attack attribution association analysis based on threat intelligence.