UCL Discovery

Expert insights into advanced persistent threats: analysis, attribution, and challenges

Cavallaro, Lorenzo; Saha, Aakanksha; Mattei, James; Blasco, Jorge; Votipka, Daniel; Lindorfer, Martina; (2025) Expert insights into advanced persistent threats: analysis, attribution, and challenges. In: Proceedings of the 34th USENIX Security Symposium. USENIX: Seattle, WA, USA. Green open access

aptexperts_usenix25.pdf - Accepted Version

Abstract

Advanced Persistent Threats (APTs) are sophisticated and targeted threats that demand significant effort from analysts for detection and attribution. Researchers have developed various techniques to support these efforts. However, security practitioners' perceptions and challenges in analyzing APT-level threats are not yet well understood. To address this gap, we conducted semi-structured interviews with 15 security practitioners across diverse roles and expertise. From the interview responses, we identify a three-layer approach to APT attribution, each layer having its own goals and challenges. We find that practitioners typically prioritize understanding the adversary's tactics, techniques, procedures (TTPs), and motivations over identifying the specific entity behind an attack. We also find challenges in existing tools and processes, mostly stemming from their inability to handle diverse and complex data and from issues with both internal and external collaboration. Based on these findings, we provide four recommendations for improving attribution approaches and discuss how these improvements can address the identified challenges.

Type: Proceedings paper
Title: Expert insights into advanced persistent threats: analysis, attribution, and challenges
Event: 34th USENIX Security Symposium
Location: Seattle, WA, USA
Dates: 13 Aug 2025 - 15 Oct 2025
Open access status: An open access version is available from UCL Discovery
Publisher version: https://www.usenix.org/conference/usenixsecurity25...
Language: English
Additional information: This version is the version of record. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10216011