Skip to content

cyailab/MuCamp2

Repository files navigation

MuCamp2: Generating Validated Cyber Campaign Variants via Constrained LLMs for Group Attribution

IEEE Access DOI Python 3.12+ License

Publication

MuCamp2 is published in IEEE Access.

Overview

MuCamp2 is a generation-validation architecture for campaign-level TTP augmentation that places LLMs outside the trust boundary. Using deterministic candidate-pool constraints and multi-level semantic validation based on the MITRE ATT&CK Adversary Emulation Planner (AEP), MuCamp2 produces structurally consistent cyber campaign variants from authentic APT group TTP sequences and reports their semantic validity under explicitly stated AEP coverage limits.

Key Innovation: The architecture does not treat the LLM as a free generator. Instead, deterministic constraints enforce structural integrity, and the LLM provides selective refinement within a code-restricted candidate space; an independent AEP-based validator gates the output.

Key Results

Improvements over the SR (Synonym Replacement) baseline are modest in absolute terms. We report absolute differences (percentage points) first; relative percentages are provided as secondary context.

Metric LLM Few-shot SR Baseline Absolute (relative)
L3 pass rate (Lazarus) 15.7% 10.2% +5.5 pp (+54%)
L3 pass rate (MenuPass) 10.5% 7.5% +3.0 pp (+40%)
Tactic violation rate 0% 26–32% structurally precluded
Downstream RF Macro-F1 (matched n=1,402) 0.988–0.989 0.980 +0.008–0.009
Downstream kNN Macro-F1 (matched n) 0.976–0.982 0.936 +0.040–0.046
Cross-group class balance 1.7:1 5.1:1 more balanced

The most robust gain is structural (tactic violations 26–32% → 0%). The strict AEP-based (L3) gain is modest in absolute terms but statistically significant (non-overlapping 95% bootstrap CIs for Lazarus). Downstream attribution gains at matched sample sizes are bounded (~0.008–0.009 RF Macro-F1 at n=1,402); the practical contribution is best understood as a balanced supply of usable variants across groups rather than a large per-sample LLM superiority.

Limitations

AEP coverage of the validator is partial: AEP currently maps 197 of 356 ATT&CK v18 techniques (55.3%). Unmapped techniques have empty requires/provides sets, so they avoid failure in the capability walk by construction. As a result:

  • L3 should be read as an AEP-based operational proxy, not as complete semantic ground truth.
  • For sequences dominated by AEP-unmapped techniques (the low-coverage bin, <50%), the L3 pass rate reaches 98.5% — this reflects reduced validator discrimination, not higher intrinsic validity.
  • All "validated" wording in this repository and the paper should be read as "validated under current AEP coverage."

Expanding AEP mappings and reporting coverage-qualified subsets remain important directions for future work.

Architecture

MuCamp2 consists of two phases:

Phase 1 (Generation under constraint): A candidate pool is built from MITRE ATT&CK at the same-tactic level, and the LLM selects replacements within that code-restricted space using few-shot prompts.

Phase 2 (Validation outside the trust boundary): Code-level verification (V1–V4) and AEP-based multi-level semantic validation (L1–L3) are applied sequentially to gate variants for inclusion in the augmented dataset.

MuCamp2 Architecture

Semantic Validation Levels

  • L1 (Structural): Tactic order non-decreasing + goal tactics preserved
  • L2 (Execution Feasibility): AEP requires-satisfaction rate ≥ 0.7
  • L3 (Strict): L2 + fail budget ≤ 1 (at most one unsatisfied dependency)

L1–L3 are interpreted under the AEP coverage limitation noted above.

Code-Level Verification (V1–V4)

  • V1: Length match (|S'| = |S|)
  • V2: Index consistency (mutated indices match the pre-specified set)
  • V3: Non-mutated position preservation
  • V4: Candidate pool membership (technique IDs belong to same-tactic pool)

Dataset

93 seed TTP sequences from two state-sponsored APT groups, derived from a corpus of 858 public security reports collected by the precursor work, MuCamp.

Item Lazarus MenuPass Total
Selected source reports 106 47 153
Seed sequences (min_ttp ≥ 5, has goal tactic) 63 30 93
Mean techniques per sequence 12.43 14.55 13.08
Unique techniques used 106 77 121
Reference data for distributional metrics (n_real) 49 15 64

The 47 MenuPass source reports were exhaustively verified through a triple-pipeline alias matching process (PDF parse, OCR parse, processed) against 18 known group aliases (APT10, Stone Panda, Red Apollo, Cicada, etc.). For replication transparency, the repository includes (i) data/sources/source_report_list_lazarus_menupass.csv with the 153 selected source-report records and (ii) data/seeds/seed_sequences_attack_ids.csv with the 93 ATT&CK-ID seed sequences. The legacy ttp_sequences_with_meta_*.csv files are also included for script compatibility.

Three LLM models served via Ollama on a local GPU:

Model Parameters Inference
gpt-oss:20b 20B Ollama, Local GPU
qwen3-vl:30b 30B Ollama, Local GPU
glm-4.7-flash 30B Ollama, Local GPU

Repository Structure

MuCamp2/
├── README.md
├── LICENSE
├── requirements.txt
├── .gitignore
│
├── scripts/                              # Core pipeline scripts
│   ├── llm_mutation_fewshot.py           # LLM few-shot variant generation (main)
│   ├── mucamp_mutation.py                # SR baseline generation
│   ├── eval_variants_v18.py              # Evaluation (PR, C2ST, L1/L2/L3)
│   ├── aggregate_eval_variants_ext.py    # Result aggregation
│   ├── process_ttp.py                    # TTP sequence preprocessing
│   ├── util_env.py                       # Shared env loading
│   │
│   ├── ablation_constrained_sr.py        # Ablation: SR vs Constrained-SR vs LLM
│   ├── bootstrap_ci_fast.py              # Bootstrap confidence intervals
│   ├── downstream_attribution.py         # Group attribution (RF/kNN, 5-fold CV)
│   ├── downstream_learning_curve.py      # Quality vs quantity learning curves
│   ├── l1_failure_mechanism_analysis.py  # L1 failure root cause analysis
│   ├── l3_failure_analysis.py            # L3 failure root cause analysis
│   ├── aep_coverage_bias_analysis.py     # AEP coverage bias analysis
│   ├── llm_selection_analysis.py         # LLM selection distribution analysis
│   │
│   ├── plot_main_figure.py               # Paper figures (architecture, example)
│   ├── plot_paper_results.py             # Paper figures (quantitative results)
│   └── visualize_metrics_png.py          # Metric visualization
│
├── data/
│   ├── sources/
│   │   └── source_report_list_lazarus_menupass.csv
│   ├── aep/
│   │   └── agent_promises_v18_MERGED.json  # AEP Requires/Provides (197 techniques)
│   ├── attack_v18/
│   │   └── technique_to_tactic_v18.csv     # MITRE ATT&CK v18 mapping
│   ├── filters/
│   │   └── exclude_titles.txt              # Reports excluded from evaluation
│   ├── seeds/
│   │   ├── seed_sequences_attack_ids.csv
│   │   ├── ttp_sequences_with_meta_Lazarus.csv
│   │   ├── ttp_sequences_with_meta_MenuPass.csv
│   │   ├── ttp_preprocessed_Lazarus.csv
│   │   └── ttp_preprocessed_MenuPass.csv
│   └── sr_baseline/
│       ├── MUCAMP_mutations_Lazarus.csv
│       └── MUCAMP_mutations_MenuPass.csv
│
├── dataset/                              # Compatibility mirror used by scripts
│   ├── attack_v18/technique_to_tactic_v18.csv
│   └── ttp/
│       ├── ttp_sequences_with_meta_{Lazarus,MenuPass}.csv
│       ├── filters/exclude_titles.txt
│       └── augmented/MUCAMP_mutations_{Lazarus,MenuPass}.csv
│
├── aep-data/data/agent_promises_v18_MERGED.json  # Compatibility path used by validators
│
└── figures/                              # Paper figures (PDF + PNG)
    ├── fig_architecture.{pdf,png}        # Fig. 1: Pipeline overview
    ├── fig_ttp_example.{pdf,png}         # Fig. 2: Mutation & validation example
    ├── fig_downstream.{pdf,png}          # Fig. 3: Downstream attribution results
    ├── fig_learning_curve.{pdf,png}      # Fig. 4: Learning curve (RF Macro-F1)
    └── fig_aep_coverage.{pdf,png}        # Fig. 5: AEP coverage bias analysis

Quick Start

GUI Demo / Docker Deployment

The repository includes the MuCamp2 Attack Variant Workbench GUI in gui/.

# Docker deployment
docker compose up --build -d
# open http://localhost:8501 or http://SERVER_IP:8501
# Live generation defaults to OpenRouter; paste a key in the UI or set OPENROUTER_API_KEY.

Local Streamlit run:

python3 -m venv .venv-gui
source .venv-gui/bin/activate
pip install -r gui/requirements.txt
streamlit run gui/app.py

GUI features:

  • Select existing seed TTP sequences or paste a custom sequence.
  • Replay SR, LLM zero-shot, and LLM few-shot variants.
  • Generate one-shot live mutations through Ollama, OpenAI, OpenRouter, or an OpenAI-compatible API.
  • Compare original vs mutated ATT&CK timelines.
  • Validate L1/L2/L3 semantic constraints and AEP requires/provides traces.
  • Export an incident-response scenario as Markdown.

See gui/README.md for deployment and provider configuration details.

Installation

git clone https://github.com/cyailab/MuCamp2.git
cd MuCamp2

python3.12 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

Environment Configuration

Create a .env file in the repository root:

# For local Ollama inference
OLLAMA_HOST=http://localhost:11434

# For remote providers (optional)
OPENAI_API_KEY=your_key_here
OPENROUTER_API_KEY=your_key_here

Usage

1. TTP Sequence Preprocessing

python scripts/process_ttp.py --groups Lazarus MenuPass

2. Variant Generation

LLM Few-shot (main method):

python scripts/llm_mutation_fewshot.py \
  --provider ollama --model gpt-oss:20b \
  --single-call --groups Lazarus MenuPass

SR Baseline:

python scripts/mucamp_mutation.py --groups Lazarus MenuPass --Nm 10

3. Evaluation

# Evaluate LLM variants
python scripts/eval_variants_v18.py \
  --root TID_TNAME_FEWSHOT --model gpt-oss_20b_newfewshot \
  --groups Lazarus MenuPass --embed svd --semantic-level 3 \
  --out-dir runs/eval

# Aggregate results
python scripts/aggregate_eval_variants_ext.py

4. Analysis Scripts

# Ablation study (SR vs Constrained-SR vs LLM)
python scripts/ablation_constrained_sr.py --groups Lazarus MenuPass

# Downstream attribution (RF/kNN 5-fold CV)
python scripts/downstream_attribution.py --groups Lazarus MenuPass

# Bootstrap confidence intervals
python scripts/bootstrap_ci_fast.py --groups Lazarus MenuPass

# Learning curve analysis
python scripts/downstream_learning_curve.py --groups Lazarus MenuPass

# Failure analysis
python scripts/l1_failure_mechanism_analysis.py --groups Lazarus MenuPass
python scripts/l3_failure_analysis.py --groups Lazarus MenuPass

# AEP coverage bias
python scripts/aep_coverage_bias_analysis.py --groups Lazarus MenuPass

# LLM selection distribution (entropy, KL-divergence, chi-square)
python scripts/llm_selection_analysis.py --groups Lazarus MenuPass

5. Visualization

python scripts/plot_main_figure.py
python scripts/plot_paper_results.py
python scripts/visualize_metrics_png.py --input <summary.csv> --output figures/

Evaluation Metrics

Distributional Fidelity

  • kNN Precision/Recall: Coverage and fidelity on 50-dim TF-IDF+SVD embeddings
  • C2ST (Classifier Two-Sample Test): Binary classifier distinguishability (0.5 = ideal)

Semantic Validity (under current AEP coverage)

  • L1/L2/L3 pass rates: Three-level semantic validation (see definitions and limitations above)
  • Tactic violation rate: Frequency of invalid tactic orderings (structurally precluded by candidate-pool constraints)

Downstream Utility

  • Macro-F1 (RF/kNN): Group attribution accuracy with 5-fold stratified cross-validation

LLM Provider Abstraction

The call_llm() function in llm_mutation_fewshot.py supports three providers:

Provider Method Notes
ollama HTTP POST (urllib) Local GPU inference
openrouter curl subprocess + exponential backoff Remote API
openai OpenAI API (urllib) Remote API

Citation

If you use MuCamp2 in your research, please cite:

@article{kim2026mucamp2,
  title={MuCamp2: Generating Validated Cyber Campaign Variants via Constrained LLMs for Group Attribution},
  author={Kim, Keunho and Lee, Jimin and Lee, Insup and Han, Insung and Lee, Jungsik and Shim, Shinwoo and Choi, Changhee},
  journal={IEEE Access},
  year={2026},
  doi={10.1109/ACCESS.2026.3700808},
  url={https://ieeexplore.ieee.org/document/11552376}
}

References

License

This project is licensed under the Apache License 2.0. See LICENSE for details.

Contact

Reproducibility note

The data/ directory contains the curated supplementary data files. The dataset/ and aep-data/ directories mirror the same inputs at the legacy paths expected by the released scripts, so the commands above can be run immediately after cloning the repository. LLM generation requires a local Ollama server or remote API credentials; deterministic SR-baseline generation and metadata checks can be run without API credentials.

About

No description, website, or topics provided.

Resources

License

Stars

2 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors