MVFCC: A Multi-View Fuzzy Consensus Clustering Model for Malware Threat Attribution

Abstract: The rise of emerging cyberthreats has led to a shift of focus on identifying the source of threat instead of the type of attack to provide a more effective defense to compromised environments against malicious acts. The most complex type of cyberthreat is the Advanced Persistent Threat (APT) attack that is usually backed by one or more states and lunched using a range of clandestine techniques aiming at high-value targets. Finding the source of the attackers and the associated campaign behind the threats can l… Show more

“…This concurs with the rest of the field [50,22,58,77,44]. Seven papers consider three alternative ML methods: clustering, anomaly detection and structured prediction techniques [106,66,80,78,7,8,47]. We explore these further as they show promise towards the open-world problem.…”

“…Alrabaee et al [7,8] use convolutional neural networks to cluster author style and then use a classifier to determine if a piece of malware belongs to an author cluster. Finally, Haddadpajouh et al [47] choose a multi-view fuzzy clustering model to group malware into APT groups based on identifying loosely defined patterns among binary artifacts.…”

“…However, "cyber-research" omit the method they used to label the malware hashes from the 29 sources and so researchers have no assurances on the validity of the label. We note Haddadpajouh et al [47] use a subset of [33], focusing on five groups namely APT1, APT3, APT28, APT33, and APT37. In both cases, we observed general issues with creating labeled APT malware datasets:…”

“…Only two dynamic analysis tools were used in total. Rosenberg et al [103,104] and Haddadpajouh et al [47] both use Cuckoo Sandbox [46] and Hendrikse [50] uses DECAF [49]. Unfortunately, the tool used by Hong et al [54] is undisclosed.…”

Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets

“…This concurs with the rest of the field [50,22,58,77,44]. Seven papers consider three alternative ML methods: clustering, anomaly detection and structured prediction techniques [106,66,80,78,7,8,47]. We explore these further as they show promise towards the open-world problem.…”

“…Alrabaee et al [7,8] use convolutional neural networks to cluster author style and then use a classifier to determine if a piece of malware belongs to an author cluster. Finally, Haddadpajouh et al [47] choose a multi-view fuzzy clustering model to group malware into APT groups based on identifying loosely defined patterns among binary artifacts.…”

“…However, "cyber-research" omit the method they used to label the malware hashes from the 29 sources and so researchers have no assurances on the validity of the label. We note Haddadpajouh et al [47] use a subset of [33], focusing on five groups namely APT1, APT3, APT28, APT33, and APT37. In both cases, we observed general issues with creating labeled APT malware datasets:…”

“…Only two dynamic analysis tools were used in total. Rosenberg et al [103,104] and Haddadpajouh et al [47] both use Cuckoo Sandbox [46] and Hendrikse [50] uses DECAF [49]. Unfortunately, the tool used by Hong et al [54] is undisclosed.…”

Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets

“…Even encrypted data may be accessed by intruders. An adversary's principal purpose is to get victim-specific personal data [6].…”

Approaches to Federated Computing for the Protection of Patient Privacy and Security Using Medical Applications

Evaluation of Scalable Fair Clustering Machine Learning Methods for Threat Hunting in Cyber-Physical Systems