The article discusses the importance of cyber threat attribution and the need to automate this process. It proposes a modular architecture that uses opinion pools to combine the output of different attributors, as opposed to current monolithic automated approaches. This approach increases the tractability of the threat attribution problem and offers increased usability and interpretability. It also introduces a Pairing Aggregator as an aggregation method. Experimental validation suggests that this modular approach can enhance precision and recall and does not decrease performance. The results also suggest that the Pairing Aggregator can improve precision over the linear and logarithmic opinion pools.

 

Publication date: 26 Jan 2024
Project Page: Unavailable
Paper: https://arxiv.org/pdf/2401.14090