dc.contributor.author: Ruohonen, Sami
dc.contributor.author: Kirichenko, Alexey
dc.contributor.author: Komashinskiy, Dmitriy
dc.contributor.author: Pogosova, Mariam
dc.date.accessioned: 2024-02-01T13:51:10Z
dc.date.available: 2024-02-01T13:51:10Z
dc.date.issued: 2024
dc.identifier.citation: Ruohonen, S., Kirichenko, A., Komashinskiy, D., & Pogosova, M. (2024). Instrumenting OpenCTI with a Capability for Attack Attribution Support. Forensic Sciences, 4(1), 12-23. https://doi.org/10.3390/forensicsci4010002
dc.identifier.other: CONVID_202138350
dc.identifier.uri: https://jyx.jyu.fi/handle/123456789/93217
dc.description.abstract (en): In addition to identifying and prosecuting cyber attackers, attack attribution activities can provide valuable information for guiding defenders’ security procedures and supporting incident response and remediation. However, the technical analysis involved in cyberattack attribution requires skills, experience, access to up-to-date Cyber Threat Intelligence, and significant investigator effort. Attribution results are not always reliable, and skillful attackers often work hard to hide or remove the traces of their operations and to mislead or confuse investigators. In this article, we translate the technical attack attribution problem to the supervised machine learning domain and present a tool designed to support technical attack attribution, implemented as a machine learning model extending the OpenCTI platform. We also discuss the tool’s performance in the investigation of recent cyberattacks, which shows its potential in increasing the effectiveness and efficiency of attribution operations.
dc.format.mimetype: application/pdf
dc.language.iso: eng
dc.publisher: MDPI AG
dc.relation.ispartofseries: Forensic Sciences
dc.rights: CC BY 4.0
dc.subject.other: cyberattack
dc.subject.other: technical cyberattack attribution
dc.subject.other: digital forensics
dc.subject.other: machine learning
dc.subject.other: cyber threat intelligence
dc.title: Instrumenting OpenCTI with a Capability for Attack Attribution Support
dc.type: article
dc.identifier.urn: URN:NBN:fi:jyu-202402011724
dc.contributor.laitos (fi): Informaatioteknologian tiedekunta
dc.contributor.laitos (en): Faculty of Information Technology
dc.type.uri: http://purl.org/eprint/type/JournalArticle
dc.type.coar: http://purl.org/coar/resource_type/c_2df8fbb1
dc.description.reviewstatus: peerReviewed
dc.format.pagerange: 12-23
dc.relation.issn: 2673-6756
dc.relation.numberinseries: 1
dc.relation.volume: 4
dc.type.version: publishedVersion
dc.rights.copyright: © 2024 the Authors
dc.rights.accesslevel (fi): openAccess
dc.subject.yso: cyber attacks
dc.subject.yso: machine learning
dc.subject.yso: cyber security
dc.format.content: fulltext
jyx.subject.uri: http://www.yso.fi/onto/yso/p27466
jyx.subject.uri: http://www.yso.fi/onto/yso/p21846
jyx.subject.uri: http://www.yso.fi/onto/yso/p26189
dc.rights.url: https://creativecommons.org/licenses/by/4.0/
dc.relation.doi: 10.3390/forensicsci4010002
jyx.fundinginformation: Parts of this research were supported by the CC-DRIVER project funding received from the European Union’s Horizon 2020 research and innovation program under grant agreement No 883543 and by the CYBERSPACE project funding received from the European Union’s Internal Security Fund—Police (ISFP) program under grant agreement No 101038738. The APC was funded by CYBERSPACE.
dc.type.okm: A1

Except where otherwise noted, this item's license is described as CC BY 4.0