Community discovery of attribution trace based on deep learning approach

Abstract

In order to prevent potential network crime and halt attackers’ operation further, collecting information to profile attackers is helpful. Because this exposes the identity of attackers, as well as provides IOC (Indicator of Compromise) to confirm whether devices have been compromised. In this information searching procedure, finding unknown information based on the existing ones is of crucial importance, because it leads to a more comprehensive profile about the attackers. Usually, these information pieces about a particular attacker form a tight connected community. Thus, finding the correct community label for the new incoming information piece based on these existing ones is pivotal for iteratively discovering more unknown information about the attacker. To facilitate this process, we propose to adopt the promising deep learning method to community classification on attribution traces. First, we propose to employ deep learning on extracting attribution trace pattern and then use the fine-tuned DBN (Deep Belief Network) to model the existing communities. At last, we experimentally illustrate the effectiveness of the DBN model in finding the correct community labels by feeding it with test information pieces. The results demonstrate that deep learning is a powerful means for identifying the community label.