GroupTracer: Automatic Attacker TTP Profile Extraction and Group Cluster in Internet of Things

<table class="table-group" id="tab2"><tr><td><table class="table"><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr class="thead"><td class="align_left">#</td><td class="align_center">Feature name</td><td class="align_center">Description</td></tr><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr><td class="align_left">1</td><td class="align_center">Country</td><td class="align_center">Describes the country to which the IP/URL belongs.</td></tr><tr><td class="align_left">2</td><td class="align_center">Malicious index</td><td class="align_center">Leverages the VirusTotal API to determine the maliciousness of the IP/URL.</td></tr><tr><td class="align_left">3</td><td class="align_center">IP address type</td><td class="align_center">Utilizes the RTBAsia API to classify IP/URL type.</td></tr><tr><td class="align_left">4</td><td class="align_center">Download (optional)</td><td class="align_center">The file that the attack actor downloaded by executing the command.</td></tr><tr class="table-tr"><td colspan="3"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Features related to IP &amp; URL feature groups.</div>

Security and Communication Networks

tab2

Table 2

Table 2: GroupTracer: Automatic Attacker TTP Profile Extraction and Group Cluster in Internet of Things 