dc.contributor.author | Ruohonen, Sami | |
dc.contributor.author | Kirichenko, Alexey | |
dc.contributor.author | Komashinskiy, Dmitriy | |
dc.contributor.author | Pogosova, Mariam | |
dc.date.accessioned | 2024-02-01T13:51:10Z | |
dc.date.available | 2024-02-01T13:51:10Z | |
dc.date.issued | 2024 | |
dc.identifier.citation | Ruohonen, S., Kirichenko, A., Komashinskiy, D., & Pogosova, M. (2024). Instrumenting OpenCTI with a Capability for Attack Attribution Support. Forensic Sciences, 4(1), 12-23. https://doi.org/10.3390/forensicsci4010002 | |
dc.identifier.other | CONVID_202138350 | |
dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/93217 | |
dc.description.abstract | In addition to identifying and prosecuting cyber attackers, attack attribution activities can provide valuable information for guiding defenders’ security procedures and supporting incident response and remediation. However, the technical analysis involved in cyberattack attribution requires skills, experience, access to up-to-date Cyber Threat Intelligence, and significant investigator effort. Attribution results are not always reliable, and skillful attackers often work hard to hide or remove the traces of their operations and to mislead or confuse investigators. In this article, we translate the technical attack attribution problem to the supervised machine learning domain and present a tool designed to support technical attack attribution, implemented as a machine learning model extending the OpenCTI platform. We also discuss the tool’s performance in the investigation of recent cyberattacks, which shows its potential in increasing the effectiveness and efficiency of attribution operations. | en |
dc.format.mimetype | application/pdf | |
dc.language.iso | eng | |
dc.publisher | MDPI AG | |
dc.relation.ispartofseries | Forensic Sciences | |
dc.rights | CC BY 4.0 | |
dc.subject.other | cyberattack | |
dc.subject.other | technical cyberattack attribution | |
dc.subject.other | digital forensics | |
dc.subject.other | machine learning | |
dc.subject.other | cyber threat intelligence | |
dc.title | Instrumenting OpenCTI with a Capability for Attack Attribution Support | |
dc.type | article | |
dc.identifier.urn | URN:NBN:fi:jyu-202402011724 | |
dc.contributor.laitos | Informaatioteknologian tiedekunta | fi |
dc.contributor.laitos | Faculty of Information Technology | en |
dc.type.uri | http://purl.org/eprint/type/JournalArticle | |
dc.type.coar | http://purl.org/coar/resource_type/c_2df8fbb1 | |
dc.description.reviewstatus | peerReviewed | |
dc.format.pagerange | 12-23 | |
dc.relation.issn | 2673-6756 | |
dc.relation.numberinseries | 1 | |
dc.relation.volume | 4 | |
dc.type.version | publishedVersion | |
dc.rights.copyright | © 2024 the Authors | |
dc.rights.accesslevel | openAccess | fi |
dc.subject.yso | verkkohyökkäykset | |
dc.subject.yso | koneoppiminen | |
dc.subject.yso | kyberturvallisuus | |
dc.format.content | fulltext | |
jyx.subject.uri | http://www.yso.fi/onto/yso/p27466 | |
jyx.subject.uri | http://www.yso.fi/onto/yso/p21846 | |
jyx.subject.uri | http://www.yso.fi/onto/yso/p26189 | |
dc.rights.url | https://creativecommons.org/licenses/by/4.0/ | |
dc.relation.doi | 10.3390/forensicsci4010002 | |
jyx.fundinginformation | Parts of this research were supported by the CC-DRIVER project funding received from the European Union’s Horizon 2020 research and innovation program under grant agreement No 883543 and by the CYBERSPACE project funding received from the European Union’s Internal Security Fund—Police (ISFP) program under grant agreement No 101038738. The APC was funded by CYBERSPACE. | |
dc.type.okm | A1 | |