Framework of Cyber Attack Attribution Based on Threat Intelligence

  • Conference paper
  • Interoperability, Safety and Security in IoT (SaSeIoT 2016, InterIoT 2016)

Abstract

With the rapid growth of information technology, more and more devices are connected to the network, and the cyber security environment has become increasingly complicated. In the face of advanced threats such as targeted attacks and advanced persistent threats, the traditional security measure of accumulating security devices to protect the relevant systems and networks has proved to be a failure. To address this situation, this paper proposes a framework for cyber attack attribution based on threat intelligence. First, after surveying and analyzing related academic research and industry solutions, the paper uses the local advantage model to analyze the process of a cyber attack. Following the definitions of the seven steps of the intrusion kill chain and the six phases of the F2T2EA model, this model gives a method for collecting threat intelligence data and for detecting and responding to cyber attacks, with the goals of early warning, detection and response during the attack, and attribution analysis after it, so as to finally reverse the security situation. The paper then designs a framework for cyber attack attribution based on threat intelligence. The framework is composed of three parts: Start of analysis, Threat intelligence, and Attribution analysis, which together define the architecture of cyber attack attribution. Finally, we tested the framework on a practical case. The case study shows that the proposed framework can provide some help in attribution analysis.


Corresponding author: Jiang Zhengwei.

Copyright information

© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Cite this paper

Qiang, L., Zeming, Y., Baoxu, L., Zhengwei, J., Jian, Y. (2017). Framework of Cyber Attack Attribution Based on Threat Intelligence. In: Mitton, N., Chaouchi, H., Noel, T., Watteyne, T., Gabillon, A., Capolsini, P. (eds) Interoperability, Safety and Security in IoT. SaSeIoT/InterIoT 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 190. Springer, Cham. https://doi.org/10.1007/978-3-319-52727-7_11

  • DOI: https://doi.org/10.1007/978-3-319-52727-7_11
  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-52726-0

  • Online ISBN: 978-3-319-52727-7