AI-based multi-view fuzzy consensus clustering system for attack attribution

Project Objectives:

The main objective of the project was to develop an Artificial Intelligence (AI)-based multi-view fuzzy consensus clustering system with fuzzy decision-making support for attack attribution. This system enhances “cyber attribution for the defence of Canada” by automatically detecting, or making decisions about, the source of given cyber attacks. The system can be trained using multiple AI learning sources, which enables it to take into account multiple technical, non-technical and even regulatory and political viewpoints when estimating the source of cyber attacks. Moreover, by using machine learning to deal with ill-defined concepts (i.e. fuzzy logic), it facilitates sharing of different agents’ views about ongoing cyber attacks in our estimation. The main project objectives were as follows:

1- Identifying existing Advanced Persistent Threat (APT) actors’ technical and non-technical properties.
2- Developing a Fuzzifier that automatically converts fuzzy characteristics of APT groups and malicious actors’ campaigns into different fuzzy clusters. Moreover, we build fuzzy metrics to estimate the level of confidence of our system in attributing malicious activities to an actor.
3- Developing a multi-view fuzzy consensus clustering system that includes different technical, regulatory, political, etc. views when estimating the source of a specific cyber-attack campaign.
4- Developing an integrated intuitionistic fuzzy decision-making module to automate the decision-making process and reduce incident response time.
5- Testing the system’s accuracy by subjecting it to novel attack campaigns that were not part of the AI training set.

Project Status: Approved and Funded