DOI: 10.14569/IJACSA.2021.0120418

Formulation of Association Rule Mining (ARM) for an Effective Cyber Attack Attribution in Cyber Threat Intelligence (CTI)

Author 1: Md Sahrom Abu
Author 2: Siti Rahayu Selamat
Author 3: Robiah Yusof
Author 4: Aswami Ariffin

International Journal of Advanced Computer Science and Applications(IJACSA), Volume 12 Issue 4, 2021.

Abstract: In recent year, an adversary has improved their Tactic, Technique and Procedure (TTPs) in launching cyberattack that make it less predictable, more persistent, resourceful and better funded. So many organisation has opted to use Cyber Threat Intelligence (CTI) in their security posture in attributing cyberattack effectively. However, to fully leverage the massive amount of data in CTI for threat attribution, an organisation needs to spend their focus more on discovering the hidden knowledge behind the voluminous data to produce an effective cyberattack attribution. Hence this paper emphasized on the research of association analysis in CTI process for cyber attack attribution. The aim of this paper is to formulate association ruleset to perform the attribution process in the CTI. The Apriori algorithm is used to formulate association ruleset in association analysis process and is known as the CTI Association Ruleset (CTI-AR). Interestingness measure indicator specially support (s), confidence (c) and lift (l) are used to measure the practicality, validity and filtering the CTI-AR. The results showed that CTI-AR effectively identify the attributes, relationship between attributes and attribution level group of cyberattack in CTI. This research has a high potential of being expanded into cyber threat hunting process in providing a more proactive cybersecurity environment.

Keywords: Cyber threat intelligence (CTI); association rule mining; apriori algorithm; attribution; interestingness measures

Md Sahrom Abu, Siti Rahayu Selamat, Robiah Yusof and Aswami Ariffin, “Formulation of Association Rule Mining (ARM) for an Effective Cyber Attack Attribution in Cyber Threat Intelligence (CTI)” International Journal of Advanced Computer Science and Applications(IJACSA), 12(4), 2021. http://dx.doi.org/10.14569/IJACSA.2021.0120418

@article{Abu2021,
title = {Formulation of Association Rule Mining (ARM) for an Effective Cyber Attack Attribution in Cyber Threat Intelligence (CTI)},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2021.0120418},
url = {http://dx.doi.org/10.14569/IJACSA.2021.0120418},
year = {2021},
publisher = {The Science and Information Organization},
volume = {12},
number = {4},
author = {Md Sahrom Abu and Siti Rahayu Selamat and Robiah Yusof and Aswami Ariffin}
}


Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

IJACSA

Upcoming Conferences

IntelliSys 2025

28-29 August 2025

Future Technologies Conference 2025

6-7 November 2025

Healthcare Conference 2026

21-22 May 2026

Computing Conference 2026

9-10 July 2026

IntelliSys 2026

3-4 September 2026

Computer Vision Conference 2026

15-16 October 2026