MVFCC: A Multi-View Fuzzy Consensus Clustering Model for Malware Threat Attribution

The rise of emerging cyberthreats has shifted the focus of defenders from identifying the type of attack to identifying its source, so that compromised environments can be defended more effectively against malicious acts. The most complex type of cyberthreat is the Advanced Persistent Threat (APT) attack, which is usually backed by one or more states and launched using a range of clandestine techniques against high-value targets. Finding the source of the attackers and the campaign behind a threat allows an optimal defense decision to be taken in a more timely fashion. Threat attribution is the act of attributing an attack to its source. Threat attribution cannot be fully achieved from a single piece of evidence (i.e. a single view) about a malicious actor, because the actor can obfuscate that evidence to evade the detection mechanism. In this article, we propose a multi-view fuzzy consensus clustering model for attributing cyber threat payloads (malware) to their actor. We conduct over 4000 experiments to find the best combinations of all 12 extracted views for the attribution task. Our experiments use the payloads of five well-known APT families. To avoid bias in the results, we use a fuzzy pattern tree and a multi-modal fuzzy classifier as the inference engines for all views. To obtain an optimal distinction among the malicious actors' behaviors, we implemented the consensus clustering technique. A comparison of single-view versus multi-view results shows a significant improvement in attribution accuracy for all actors. The multi-view aspect of our proposed model achieves 95.2% accuracy.
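As an added illustration (not the paper's code, data or algorithm), the following Python sketch shows why a consensus over several views is more robust than any single view: three hypothetical views each emit fuzzy memberships over five placeholder actors for six constructed samples, with some views deliberately misleading for particular samples, and a simple soft-vote consensus plus an exhaustive search over view combinations recovers every sample's actor. The view names, actor labels, membership values and the averaging rule are assumptions of this example, not the paper's model.

```python
from itertools import combinations
from typing import List, Sequence, Tuple

# Placeholder labels: the abstract names neither its 12 views nor the
# five APT families, so these are hypothetical.
ACTORS = ["actor_1", "actor_2", "actor_3", "actor_4", "actor_5"]
VIEW_NAMES = ["strings", "imports", "opcodes"]

# Constructed ground truth: sample id -> true actor.
TRUTH = {"s1": "actor_1", "s2": "actor_2", "s3": "actor_3",
         "s4": "actor_4", "s5": "actor_5", "s6": "actor_1"}

# Constructed per-view fuzzy memberships, one list per view in VIEW_NAMES
# order, each aligned with ACTORS. s2/s3 "imports", s3 "opcodes" and
# s6 "strings" are deliberately misleading, standing in for obfuscated evidence.
MEMBERSHIPS = {
    "s1": ([0.6, 0.1, 0.1, 0.1, 0.1], [0.3, 0.25, 0.15, 0.15, 0.15], [0.5, 0.3, 0.1, 0.05, 0.05]),
    "s2": ([0.1, 0.6, 0.1, 0.1, 0.1], [0.4, 0.3, 0.1, 0.1, 0.1], [0.2, 0.5, 0.1, 0.1, 0.1]),
    "s3": ([0.1, 0.1, 0.6, 0.1, 0.1], [0.1, 0.1, 0.2, 0.35, 0.25], [0.1, 0.1, 0.3, 0.45, 0.05]),
    "s4": ([0.1, 0.1, 0.1, 0.6, 0.1], [0.1, 0.1, 0.1, 0.5, 0.2], [0.1, 0.1, 0.1, 0.55, 0.15]),
    "s5": ([0.1, 0.1, 0.1, 0.1, 0.6], [0.15, 0.15, 0.15, 0.15, 0.4], [0.1, 0.1, 0.1, 0.2, 0.5]),
    "s6": ([0.25, 0.45, 0.1, 0.1, 0.1], [0.4, 0.3, 0.1, 0.1, 0.1], [0.55, 0.3, 0.05, 0.05, 0.05]),
}


def attribute(memberships: Sequence[List[float]]) -> str:
    """Soft-vote consensus: average the selected views' membership degrees
    and attribute the sample to the actor with the highest mean degree."""
    mean = [sum(col) / len(memberships) for col in zip(*memberships)]
    return ACTORS[max(range(len(ACTORS)), key=mean.__getitem__)]


def accuracy(views: Sequence[str]) -> float:
    """Attribution accuracy over all samples when only `views` are combined."""
    idx = [VIEW_NAMES.index(v) for v in views]
    hits = sum(attribute([MEMBERSHIPS[s][i] for i in idx]) == TRUTH[s] for s in TRUTH)
    return hits / len(TRUTH)


def best_view_subset() -> Tuple[Tuple[str, ...], float]:
    """Score every non-empty view combination (the search the paper runs over
    12 views, here over 3) and return the most accurate, fewest-view subset."""
    subsets = [c for r in range(1, len(VIEW_NAMES) + 1) for c in combinations(VIEW_NAMES, r)]
    best = max(subsets, key=lambda c: (accuracy(c), -len(c)))
    return best, accuracy(best)


if __name__ == "__main__":
    for v in VIEW_NAMES:
        print(f"single view {v:8s}: {accuracy([v]):.3f}")  # 0.833, 0.667, 0.833
    print(f"all-view consensus : {accuracy(VIEW_NAMES):.3f}")  # 1.000
    print("best combination   :", best_view_subset())  # (('strings', 'opcodes'), 1.0)
```

Each single view misattributes at least one sample, while averaging the views cancels the misleading evidence; the subset search mirrors the abstract's combination experiments on a toy scale.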