A1 Journal article (refereed)
Instrumenting OpenCTI with a Capability for Attack Attribution Support (2024)


Ruohonen, S., Kirichenko, A., Komashinskiy, D., & Pogosova, M. (2024). Instrumenting OpenCTI with a Capability for Attack Attribution Support. Forensic Sciences, 4(1), 12-23. https://doi.org/10.3390/forensicsci4010002


JYU authors or editors


Publication details

All authors or editors: Ruohonen, Sami; Kirichenko, Alexey; Komashinskiy, Dmitriy; Pogosova, Mariam

Journal or series: Forensic Sciences

ISSN: 2673-6756

eISSN: 2673-6756

Publication year: 2024

Publication date: 23/01/2024

Volume: 4

Issue number: 1

Pages range: 12-23

Publisher: MDPI AG

Publication country: Switzerland

Publication language: English

DOI: https://doi.org/10.3390/forensicsci4010002

Publication open access: Openly available

Publication channel open access: Open Access channel

Publication is parallel published (JYX): https://jyx.jyu.fi/handle/123456789/93217


Abstract

In addition to identifying and prosecuting cyber attackers, attack attribution activities can provide valuable information for guiding defenders’ security procedures and supporting incident response and remediation. However, the technical analysis involved in cyberattack attribution requires skills, experience, access to up-to-date Cyber Threat Intelligence, and significant investigator effort. Attribution results are not always reliable, and skillful attackers often work hard to hide or remove the traces of their operations and to mislead or confuse investigators. In this article, we translate the technical attack attribution problem to the supervised machine learning domain and present a tool designed to support technical attack attribution, implemented as a machine learning model extending the OpenCTI platform. We also discuss the tool’s performance in the investigation of recent cyberattacks, which shows its potential in increasing the effectiveness and efficiency of attribution operations.


Keywords: cyber attacks; machine learning; cyber security

Free keywords: cyberattack; technical cyberattack attribution; digital forensics; machine learning; cyber threat intelligence


Contributing organizations


Ministry reporting: Yes

VIRTA submission year: 2024


Last updated on 2024-02-07 at 23:46