Nation-State Threat Actor Attribution Using Fuzzy Hashing

Recent years have seen a rise in state-sponsored malware. Advanced Persistent Threat groups (APTs) been waging covert war with little repercussions due to the clandestine nature of cyberconflict. For sanctions be imposed, malware attribution is an important stage attack analysis because exploitation known vulnerabilities via execution one methods APT attackers use establish foothold target’s network. Prior attempts at automated behaviour report from sandboxes as inputs into machine learning algorithms. Whilst this good and reliable approach, it has some limitations. example, files may detect that they are sandboxed environment stop or behave differently leading false no attributions. Hence, there need for alternative feature extraction technique attribution. This research proposes novel framework lightweight uses fuzzy hashes natural language input classifiers attribute attacks. Experimental results show proposed attributes average accuracy F1-score 89% 87.5% country group classification. In addition, we demonstrate how approach provides faster method attribution, enhances advanced samples, generates competitive performance state-of-the-art dynamic engines.