A1 Journal article (refereed)
Instrumenting OpenCTI with a Capability for Attack Attribution Support (2024)
Ruohonen, S., Kirichenko, A., Komashinskiy, D., & Pogosova, M. (2024). Instrumenting OpenCTI with a Capability for Attack Attribution Support. Forensic Sciences, 4(1), 12-23. https://doi.org/10.3390/forensicsci4010002
Publication details
All authors or editors: Ruohonen, Sami; Kirichenko, Alexey; Komashinskiy, Dmitriy; Pogosova, Mariam
Journal or series: Forensic Sciences
ISSN: 2673-6756
eISSN: 2673-6756
Publication year: 2024
Publication date: 23/01/2024
Volume: 4
Issue number: 1
Pages range: 12-23
Publisher: MDPI AG
Publication country: Switzerland
Publication language: English
DOI: https://doi.org/10.3390/forensicsci4010002
Publication open access: Openly available
Publication channel open access: Open Access channel
Publication is parallel published (JYX): https://jyx.jyu.fi/handle/123456789/93217
Abstract
In addition to identifying and prosecuting cyber attackers, attack attribution activities can provide valuable information for guiding defenders’ security procedures and supporting incident response and remediation. However, the technical analysis involved in cyberattack attribution requires skills, experience, access to up-to-date Cyber Threat Intelligence, and significant investigator effort. Attribution results are not always reliable, and skillful attackers often work hard to hide or remove the traces of their operations and to mislead or confuse investigators. In this article, we translate the technical attack attribution problem to the supervised machine learning domain and present a tool designed to support technical attack attribution, implemented as a machine learning model extending the OpenCTI platform. We also discuss the tool’s performance in the investigation of recent cyberattacks, which shows its potential in increasing the effectiveness and efficiency of attribution operations.
Keywords: cyber attacks; machine learning; cyber security
Free keywords: cyberattack; technical cyberattack attribution; digital forensics; machine learning; cyber threat intelligence
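The abstract frames technical attribution as a supervised learning problem without describing the features or algorithm used. The following is an added illustration of that framing, written for this record and not the article's model or any OpenCTI code: incidents are represented as sets of observed MITRE ATT&CK technique IDs, the label is the actor the incident was previously attributed to, and a multinomial naive Bayes classifier (the editor's choice, purely for illustration) produces a posterior over actors. The training rows and the actor names ACTOR-A and ACTOR-B are constructed; the technique IDs are real ATT&CK identifiers used only as feature tokens. Because the abstract stresses that attribution results are not always reliable and that attackers try to mislead investigators, the example abstains ("UNATTRIBUTED") when the best posterior is below a confidence threshold, and includes a leave-one-out check of the kind an investigator would run before trusting the model.

```python
"""Attack attribution framed as supervised classification.

Added illustration, not the model from the article: a multinomial naive Bayes
classifier over sets of observed MITRE ATT&CK technique IDs, with an abstention
threshold so that weak or conflicting evidence yields no attribution at all.
"""
import math
from collections import Counter, defaultdict

# Constructed training set (hypothetical actors, real ATT&CK technique IDs).
# In a deployment these rows would come from incidents already attributed in a
# CTI platform such as OpenCTI; here they are made up for the example.
TRAINING = [
    ("ACTOR-A", ["T1566", "T1059", "T1003", "T1021", "T1486"]),
    ("ACTOR-A", ["T1566", "T1059", "T1003", "T1486"]),
    ("ACTOR-A", ["T1566", "T1003", "T1021", "T1486", "T1027"]),
    ("ACTOR-B", ["T1190", "T1105", "T1055", "T1071", "T1547"]),
    ("ACTOR-B", ["T1190", "T1105", "T1071", "T1547"]),
    ("ACTOR-B", ["T1190", "T1055", "T1071", "T1027"]),
]


class AttributionModel:
    """Multinomial naive Bayes with Laplace smoothing (alpha)."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.vocab = set()     # every technique seen during training
        self.prior = {}        # actor -> log P(actor)
        self.counts = {}       # actor -> Counter(technique)
        self.totals = {}       # actor -> number of technique observations

    def fit(self, samples):
        per_actor = defaultdict(Counter)
        n_samples = Counter()
        for actor, techniques in samples:
            per_actor[actor].update(techniques)
            n_samples[actor] += 1
            self.vocab.update(techniques)
        total = sum(n_samples.values())
        self.prior = {a: math.log(n / total) for a, n in n_samples.items()}
        self.counts = dict(per_actor)
        self.totals = {a: sum(c.values()) for a, c in per_actor.items()}
        return self

    def _log_likelihood(self, actor, technique):
        # Laplace smoothing keeps a technique never seen for this actor from
        # driving the posterior to exactly zero.
        num = self.counts[actor][technique] + self.alpha
        den = self.totals[actor] + self.alpha * len(self.vocab)
        return math.log(num / den)

    def predict_proba(self, techniques):
        """Posterior over actors for a set of observed techniques."""
        # Techniques absent from the training vocabulary carry no evidence.
        known = [t for t in techniques if t in self.vocab]
        scores = {}
        for actor in self.prior:
            scores[actor] = self.prior[actor] + sum(
                self._log_likelihood(actor, t) for t in known)
        # Normalise in log space to avoid underflow on long technique lists.
        m = max(scores.values())
        z = m + math.log(sum(math.exp(s - m) for s in scores.values()))
        return {a: math.exp(s - z) for a, s in scores.items()}

    def attribute(self, techniques, min_confidence=0.8):
        """Return (actor, confidence), or ("UNATTRIBUTED", confidence) when
        the best posterior is below the threshold. Evidence can be thin,
        planted or deliberately misleading, so abstaining is a valid output."""
        proba = self.predict_proba(techniques)
        actor, conf = max(proba.items(), key=lambda kv: kv[1])
        if conf < min_confidence:
            return "UNATTRIBUTED", conf
        return actor, conf


def leave_one_out_accuracy(samples, alpha=1.0):
    """Hold out each labelled incident in turn and check the argmax prediction."""
    correct = 0
    for i, (actor, techniques) in enumerate(samples):
        model = AttributionModel(alpha).fit(samples[:i] + samples[i + 1:])
        proba = model.predict_proba(techniques)
        if max(proba, key=proba.get) == actor:
            correct += 1
    return correct / len(samples)


if __name__ == "__main__":
    model = AttributionModel().fit(TRAINING)
    for observed in (["T1566", "T1003", "T1486"],
                     ["T1027"],
                     ["T1190", "T1071", "T1105"]):
        print(observed, "->", model.attribute(observed))
    print("leave-one-out accuracy:", leave_one_out_accuracy(TRAINING))
```

The single shared technique T1027 (Obfuscated Files or Information) appears in both actors' history, so an incident showing only that technique is left unattributed rather than assigned to whichever actor happens to have a marginally higher posterior; a real tool should expose that abstention to the analyst rather than always returning a name.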
Ministry reporting: Yes
VIRTA submission year: 2024