Instrumenting OpenCTI with a Capability for Attack Attribution Support
Ruohonen, S., Kirichenko, A., Komashinskiy, D., & Pogosova, M. (2024). Instrumenting OpenCTI with a Capability for Attack Attribution Support. Forensic Sciences, 4(1), 12-23. https://doi.org/10.3390/forensicsci4010002
Julkaistu sarjassa
Forensic SciencesPäivämäärä
2024Tekijänoikeudet
© 2024 the Authors
In addition to identifying and prosecuting cyber attackers, attack attribution activities can provide valuable information for guiding defenders’ security procedures and supporting incident response and remediation. However, the technical analysis involved in cyberattack attribution requires skills, experience, access to up-to-date Cyber Threat Intelligence, and significant investigator effort. Attribution results are not always reliable, and skillful attackers often work hard to hide or remove the traces of their operations and to mislead or confuse investigators. In this article, we translate the technical attack attribution problem to the supervised machine learning domain and present a tool designed to support technical attack attribution, implemented as a machine learning model extending the OpenCTI platform. We also discuss the tool’s performance in the investigation of recent cyberattacks, which shows its potential in increasing the effectiveness and efficiency of attribution operations.
...
Julkaisija
MDPI AGISSN Hae Julkaisufoorumista
2673-6756Asiasanat
Julkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/202138350
Metadata
Näytä kaikki kuvailutiedotKokoelmat
Lisätietoja rahoituksesta
Parts of this research were supported by the CC-DRIVER project funding received from the European Union’s Horizon 2020 research and innovation program under grant agreement No 883543 and by the CYBERSPACE project funding received from the European Union’s Internal Security Fund—Police (ISFP) program under grant agreement No 101038738. The APC was funded by CYBERSPACE.Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Strategic cyber threat intelligence : Building the situational picture with emerging technologies
Voutilainen, Janne; Kari, Martti (Academic Conferences International, 2020)In 2019, e-criminals adopted new tactics to demand enormous ransoms from large organizations by using ransomware, a phenomenon known as “big game hunting.” Big game hunting is an excellent example of a sophisticated and ... -
On Attacking Future 5G Networks with Adversarial Examples : Survey
Zolotukhin, Mikhail; Zhang, Di; Hämäläinen, Timo; Miraghaei, Parsa (MDPI AG, 2023)The introduction of 5G technology along with the exponential growth in connected devices is expected to cause a challenge for the efficient and reliable network resource allocation. Network providers are now required to ... -
Adversarial Attack’s Impact on Machine Learning Model in Cyber-Physical Systems
Vähäkainu, Petri; Lehto, Martti; Kariluoto, Antti (Peregrine Technical Solutions, 2020)Deficiency of correctly implemented and robust defence leaves Internet of Things devices vulnerable to cyber threats, such as adversarial attacks. A perpetrator can utilize adversarial examples when attacking Machine ... -
Countering Adversarial Inference Evasion Attacks Towards ML-Based Smart Lock in Cyber-Physical System Context
Vähäkainu, Petri; Lehto, Martti; Kariluoto, Antti (Springer, 2021)Machine Learning (ML) has been taking significant evolutionary steps and provided sophisticated means in developing novel and smart, up-to-date applications. However, the development has also brought new types of hazards ... -
Analysing Multidimensional Strategies for Cyber Threat Detection in Security Monitoring
Shelke, Palvi; Hämäläinen, Timo (Academic Conferences International Ltd, 2024)The escalating risk of cyber threats requires continuous advances in security monitoring techniques. This survey paper provides a comprehensive overview of recent research into novel methods for cyber threat detection, ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.