ThreatMAMBA: Achieving High-Robustness Cyber Threat Attribution During the Evolution of Attacks
Summary
Cyber Threat Attribution (CTA) is the process of identifying who carried out a cyberattack by analyzing evidence from the attack. This paper introduces ThreatMAMBA, an AI framework that improves CTA by building knowledge graphs from threat intelligence data: IOCs (indicators of compromise that identify malicious activity), TTPs (tactics and techniques used by attackers), and temporal relationships. It then uses machine learning over these graphs to identify attackers even in the early stages of ongoing attacks. The system showed significant improvements in accuracy at different stages of attack development, suggesting it can provide reliable attribution information quickly during real incidents.
Classification
Original source: http://ieeexplore.ieee.org/document/11488622
First tracked: May 1, 2026 at 02:03 PM
Classified by LLM (prompt v3) · confidence: 85%