Identification of Potential Threats in the Critical Path for Defense Operations by Cross Reference Features Clustering

  • Antonio Horta Morphus Segurança da Informação / IME
  • Renato Marinho Morphus Segurança da Informação / UNIFOR
  • Raimir Holanda Morphus Segurança da Informação / UNIFOR


Cyber attacks are a threat to the security of the most diverse types of organizations. To mitigate the risk of suffering successful attacks, organizations use different types of assessments. The research problem addressed in this study is to present, among the behaviors of known threats, those that are similar to the assessment campaign carried out and consequently represent greater risk when attempting attacks using the more exploitable critical path. The purpose of this research is to present a method for identifying the critical path of the threat and the similarity factor by Cross Reference Features (CRF) method to identify the opponents most similar to the procedures used in the assessment campaign carried out. The CRF was used as a baseline for comparison between 2 unsupervised learning algorithms in the threat clustering task. For essays that considered only groups as threats, K-means outperformed the Hierarchical Agglomerative Clustering by 2.4 percentage points, while in the essay with all threats, Hierarchical Agglomerative Clustering surpassed K-means by 2.3%.


Ahn, G., Kim, K., Park, W., and Shin, D. (2022). Malicious file detection method using machine learning and interworking with mitre att&ck framework. Applied Sciences, 12(21):10761.

Alloghani, M., Al-Jumeily, D., Mustafina, J., Hussain, A., and Aljaaf, A. J. (2020). A systematic review on supervised and unsupervised machine learning algorithms for data science. Supervised and unsupervised learning for data science, pages 3–21.

Atiku, S. B., Aaron, A. U., Job, G. K., Shittu, F., and Yakubu, I. Z. (2020). Survey on the applications of artificial intelligence in cyber security. International Journal of Scientistic and Technology Research, 9(10):165–170.

Irshad, E. and Siddiqui, A. B. (2022). Cyber threat attribution using unstructured reports in cyber threat intelligence. Egyptian Informatics Journal.

Jaber, A. and Fritsch, L. (2023). Towards ai-powered cybersecurity attack modeling with simulation tools: Review of attack simulators. In International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, pages 249–257. Springer.

Ji, Y., Liu, H., Xiao, N.-C., and Zhan, H. (2023). An efficient method for time-dependent reliability problems with high-dimensional outputs based on adaptive dimension reduction strategy and surrogate model. Engineering Structures, 276:115393.

Kim, H., Kwon, H., and Kim, K. K. (2019). Modified cyber kill chain model for multimedia service environments. Multimedia Tools and Applications, 78(3):3153–3170.

Kinge, A., Hrithik, P., Oswal, Y., and Kulkarni, N. (2023). Customer analytics research: Utilizing unsupervised machine learning techniques. In Data Intelligence and Cognitive Informatics, pages 501–515. Springer.

Leszczyna, R. (2021). Review of cybersecurity assessment methods: Applicability perspective. Computers & Security, 108:102376.

Lin, S.-X., Li, Z.-J., Chen, T.-Y., and Wu, D.-J. (2022). Attack tactic labeling for cyber threat hunting. In 2022 24th International Conference on Advanced Communication Technology (ICACT), pages 34–39. IEEE.

Martin, L. (2014). Gaining the advantage cyber kill chain. [link]. (Accessed on 01/03/2023).

Mayukha, S. and Vadivel, R. (2023). Reconnaissance for penetration testing using active scanning of mitre att&ck. In Information and Communication Technology for Competitive Strategies (ICTCS 2021), pages 693–705. Springer.

Moumouh, C., Chkouri, M. Y., and Fernández-Alemán, J. L. (2023). Cybersecurity awareness through serious games: A systematic literature review. In International Conference on Networking, Intelligent Systems and Security, pages 190–199. Springer.

Neto, A. J. H., Dos Santos, A. F. P., and Dos Santos, M. (2021). Polymer: An adaptive kill chain expanding cyber threat hunting to multi-platform environments. In 2021 IEEE International Conference on Big Data (Big Data), pages 2128–2135. IEEE.

Noor, U., Anwar, Z., Amjad, T., and Choo, K.-K. R. (2019). A machine learning-based fintech cyber threat attribution framework using high-level indicators of compromise. Future Generation Computer Systems, 96:227–242.

Park, N.-E., Lee, Y.-R., Joo, S., Kim, S.-Y., Kim, S.-H., Park, J.-Y., Kim, S.-Y., and Lee, I.-G. (2023). Performance evaluation of a fast and efficient intrusion detection framework for advanced persistent threat-based cyberattacks. Computers and Electrical Engineering, 105:108548.

Shin, Y., Kim, K., Lee, J. J., and Lee, K. (2021). Art: Automated reclassification for threat actors based on attck matrix similarity. In 2021 World Automation Congress (WAC), pages 15–20.

Shin, Y., Kim, K., Lee, J. J., and Lee, K. (2022). Focusing on the weakest link: A similarity analysis on phishing campaigns based on the att&ck matrix. Security and Communication Networks, 2022.

Van Den Berg, J. (2017). The unified kill chain. [link]. (Accessed on 01/03/2023).
Como Citar

Selecione um Formato
HORTA, Antonio; MARINHO, Renato; HOLANDA, Raimir. Identification of Potential Threats in the Critical Path for Defense Operations by Cross Reference Features Clustering. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 23. , 2023, Juiz de Fora/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023 . p. 223-236. DOI: