Case Report
Version 1
Preserved in Portico This version is not peer-reviewed
Instrumenting OpenCTI with a Capability for Attack Attribution Support
Received: 27 August 2023 / Approved: 29 August 2023 / Online: 29 August 2023 (09:59:53 CEST)
A peer-reviewed article of this Preprint also exists.
Ruohonen, S.; Kirichenko, A.; Komashinskiy, D.; Pogosova, M. Instrumenting OpenCTI with a Capability for Attack Attribution Support. Forensic Sci. 2024, 4, 12-23.
Abstract
In addition to identifying and prosecuting cyber attackers, attack attribution activities can provide valuable information that guides defenders' security procedures and gives them greater confidence in incident response and remediation. However, the technical analysis involved in cyberattack attribution requires a high level of skill and experience, access to up-to-date Cyber Threat Intelligence, and significant investigator effort. Attribution results are not always reliable, and skilful attackers often work hard to cover their traces and to mislead or confuse investigators. In this article, we present a tool designed to support technical attack attribution, implemented as a machine learning model that extends the OpenCTI platform. We also discuss the tool's performance in the investigation of a recent cyberattack.
Keywords
cyberattack; technical cyberattack attribution; digital forensics; machine learning; cyber threat intelligence
Subject
Computer Science and Mathematics, Security Systems
Copyright: This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.