Ruohonen, S.; Kirichenko, A.; Komashinskiy, D.; Pogosova, M. Instrumenting OpenCTI with a Capability for Attack Attribution Support. Forensic Sci. 2024, 4, 12-23.
Abstract
In addition to identifying and prosecuting cyber attackers, attack attribution activities can provide valuable information that guides defenders’ security procedures and gives them greater confidence in incident response and remediation. However, the technical analysis involved in cyberattack attribution requires a high level of skill, experience, access to up-to-date Cyber Threat Intelligence, and significant effort from investigators. Attribution results are not always reliable, and skilful attackers often work hard to cover their traces and mislead or confuse investigators. In this article, we present a tool designed to support technical attack attribution, implemented as a machine learning model extending the OpenCTI platform. We also discuss the tool’s performance in the investigation of a recent cyberattack.
Computer Science and Mathematics, Security Systems
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.