Cyber threat attribution can play an important role in increasing resilience against digital threats. Recent research focuses on automating the threat attribution process and on integrating it with other efforts, such as threat hunting. To support increasing automation of the cyber threat attribution process, this paper proposes a modular architecture as an alternative to current monolithic automated approaches. The modular architecture can utilize opinion pools to combine the output of concrete attributors. The proposed solution increases the tractability of the threat attribution problem and offers increased usability and interpretability, as opposed to monolithic alternatives. In addition, a Pairing Aggregator is proposed as an aggregation method that forms pairs of attributors based on distinct features to produce intermediary results before finally producing a single Probability Mass Function (PMF) as output. The Pairing Aggregator sequentially applies both the logarithmic opinion pool and the linear opinion pool. An experimental validation suggests that the modular approach does not result in decreased performance and can even enhance precision and recall compared to monolithic alternatives. The results also suggest that the Pairing Aggregator can improve precision over the linear and logarithmic opinion pools. Furthermore, the improved k-accuracy in the experiment suggests that forensic experts can leverage the resulting PMF during their manual attribution processes to enhance their efficiency.

提出了一种模块化架构作为当前整体自动化方法的一种替代方案，这种解决方案可以利用意见库来组合各种属性者的输出，以增加威胁归因问题的可追踪性，并提供更高的可用性和可解释性。此外，通过实验证明，模块化方法不会导致性能下降，甚至可以提高精度和召回率，并且Pairing Aggregator可以改善线性和对数意见库的精度。改进的实验中的k-accuracy表明，鉴证专家可以利用生成的概率质量函数来提高其归因过程的效率。

自动网络威胁溯源的模块化方法