TY  - BOOK
AU  - Supervisor Dr. Waleed Bin Shahid
TI  - Threat Attribution System
U1  - 621.382,KHA
PY  - 2023///
CY  - MCS, NUST
PB  - Rawalpindi
KW  - UG EE Project
N1  - Over the years, computers have undergone significant improvements, changing from bulky, expensive machines with few capabilities to sleek, powerful, portable gadgets. According to a survey, nearly 97% of Americans own a personal device. Personal computers and cellphones are far more susceptible to cyberattacks since they store private and sensitive information. Malicious software, commonly known as malware, can disrupt an entire network while stealing valuable information. Naturally, such attacks frequently go unnoticed. As a result, understanding malware attribution and threat-actor attribution is essential for spotting and evaluating criminal malicious activity. Malware attribution is the process of mapping a cyberattack to its threat actor. A threat actor is an individual, group, or organization that poses a threat to a computer system or network. Existing attribution systems rely on code similarity in APT malware to analyze Indicators of Compromise (IOC data). With the emergence of polymorphic [12] malware, attackers generate new signatures through slight code variations, so code-similarity techniques are inefficient for attribution. Our project's goal is to identify the threat actors behind Windows malware using system event logs and registry files. It uses an anomaly-based approach to identify and classify malware. First, it uses Sysmon to produce Windows operating-system logs; to identify activity, the logs are analyzed to separate malicious from non-malicious actions. Second, data registries are a useful tool for locating and minimizing risks in the environments of threat actors. A data registry is a centralized database that houses details about user preferences, system setup, application settings, and other crucial information that an operating system or application uses. Natural Language Processing algorithms are used for classification. The malware attribution system ensures data integrity and security through timely attribution of the threat actor group.
ER  - 