Advanced Persistent Threat (APT) attribution is a critical challenge in cybersecurity and refers to the process of accurately identifying the perpetrators behind sophisticated cyber attacks. Reliable attribution can significantly enhance defense mechanisms and inform strategic responses. With the growing prominence of artificial intelligence (AI) and machine learning (ML) techniques, researchers are increasingly focused on developing automated solutions that link cyber threats to the responsible actors, moving away from traditional manual methods. Previous literature on automated threat attribution lacks a systematic review of the automated methods and of the artifacts that can aid the attribution process. To address these gaps and provide context on the current state of threat attribution, we present a comprehensive survey of automated APT attribution. The survey starts by examining the dispersed artifacts used in attribution and provides a comprehensive taxonomy of them. We then review and classify the available attribution datasets and the current automated APT attribution methods. Further, we raise critical comments on the methods in the current literature, discuss the challenges of automated attribution, and point toward open research problems. This survey reveals significant opportunities for future research in APT attribution to address current gaps and challenges. By identifying the strengths and limitations of current practices, it provides a foundation for future research and development of automated, reliable, and actionable APT attribution methods.