* update 2024-11-07 06:21:44

arXiv_db/Malware/2024.md

@@ -3370,3 +3370,27 @@
 
 </details>
 
+<details>
+
+<summary>2024-11-04 19:31:15 - Analysing the cultural dimensions of cybercriminal groups -- A case study on the Conti ransomware group</summary>
+
+- *Konstantinos Mersinas, Aimee Liu, Niki Panteli*
+
+- `2411.02548v1` - [abs](http://arxiv.org/abs/2411.02548v1) - [pdf](http://arxiv.org/pdf/2411.02548v1)
+
+> Cybercriminal profiling and cyber-attack attribution have been elusive goals world-wide, due to their effects on societal and geopolitical balance and stability. Attributing actions to a group or state is a complex endeavour, with traditional established approaches including cyber threat intelligence and analysis of technical means such as malware analysis, network forensics and geopolitical intelligence. However, we propose an additional component for profiling threat actor groups through analysing cultural aspects of human behaviours and interactions. We utilise a set of variables which determine characteristics of national and organisational culture to create a cultural "footprint" of cybercriminal groups. As a case study, we conduct thematic analysis across the six dimensions of the Hofstede national culture classification and the eight dimensions of the Meyer classification on leaked internal communications of the ransomware group Conti. We propose that a systematic analysis of similar communications can serve as a practical tool for a) understanding the modus operandi of cybercrime and cyberwarfare-related groups, and b) profiling cybercriminal groups and/or nation-state actors. Insights from such applications can, first, assist in combating cybercrime and, second, if combined with additional cyber threat intelligence, can provide a level of confidence in nuanced cyber-attack attribution processes.
+
+</details>
+
+<details>
+
+<summary>2024-11-05 18:01:12 - LLMs for Domain Generation Algorithm Detection</summary>
+
+- *Reynier Leyva La O, Carlos A. Catania, Tatiana Parlanti*
+
+- `2411.03307v1` - [abs](http://arxiv.org/abs/2411.03307v1) - [pdf](http://arxiv.org/pdf/2411.03307v1)
+
+> This work analyzes the use of large language models (LLMs) for detecting domain generation algorithms (DGAs). We perform a detailed evaluation of two important techniques: In-Context Learning (ICL) and Supervised Fine-Tuning (SFT), showing how they can improve detection. SFT increases performance by using domain-specific data, whereas ICL helps the detection model to quickly adapt to new threats without requiring much retraining. We use Meta's Llama3 8B model, on a custom dataset with 68 malware families and normal domains, covering several hard-to-detect schemes, including recent word-based DGAs. Results proved that LLM-based methods can achieve competitive results in DGA detection. In particular, the SFT-based LLM DGA detector outperforms state-of-the-art models using attention layers, achieving 94% accuracy with a 4% false positive rate (FPR) and excelling at detecting word-based DGA domains.
+
+</details>
+