Skip to main content
SpringerLink
Log in

An Enhanced Cyber Attack Attribution Framework

  • Conference paper
  • First Online:
Trust, Privacy and Security in Digital Business (TrustBus 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11033))

Included in the following conference series:

Abstract

Advanced Persistent Threats (APTs) are considered as the threats that are the most challenging to detect and defend against. As APTs use sophisticated attack methods, cyber situational awareness and especially cyber attack attribution are necessary for the preservation of security of cyber infrastructures. Recent challenges faced by organizations in the light of APT proliferation are related to the: collection of APT knowledge; monitoring of APT activities; detection and classification of APTs; and correlation of all these to result in the attribution of the malicious parties that orchestrated an attack. We propose the Enhanced Cyber Attack Attribution (NEON) Framework, which performs attribution of malicious parties behind APT campaigns. NEON is designed to increase societal resiliency to APTs. NEON combines the following functionalities: (i) data collection from APT campaigns; (ii) collection of publicly available data from social media; (iii) honeypots and virtual personas; (iv) network and system behavioural monitoring; (v) incident detection and classification; (vi) network forensics; (vii) dynamic response based on game theory; and (viii) adversarial machine learning; all designed with privacy considerations in mind.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Farinholt, B., et al.: To catch a ratter: monitoring the behavior of amateur DarkComet RAT operators in the wild. In: IEEE Symposium on Security and Privacy, pp. 770–787. IEEE (2017)

    Google Scholar 

  2. Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B.I., Tygar, J.: Adversarial machine learning. In: 4th ACM Workshop on Security and Artificial Intelligence, pp. 43–58. ACM (2011)

    Google Scholar 

  3. Pfleeger, S.L., Sasse, M.A., Furnham, A.: From weakest link to security hero: transforming staff security behavior. J. Homel. Secur. Emerg. Manag. 11(4), 489–510 (2014)

    Google Scholar 

  4. Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)

    Article  Google Scholar 

  5. Kaspersky: Targeted cyber attacks logbook. https://apt.securelist.com/. Accessed 09 Feb 2018

  6. Symantec: Advanced persistent threats: a symantec perspective. https://www.symantec.com/content/en/us/enterprise/white_papers/b-advanced_persistent_threats_WP_21215957.en-us.pdf. Accessed 09 Feb 2018

  7. ITU: Targeted attack trends. https://www.itu.int/en/ITU-D/Cybersecurity/Documents/2H_2013_Targeted_Attack_Campaign_Report.pdf. Accessed 09 Feb 2018

  8. King, S.: Apt (advanced persistent threat) - what you need to know. https://www.netswitch.net/apt-advanced-persistent-threat-what-you-need-to-know/. Accessed 09 Feb 2018

  9. Cavelty, M.D.: Cyber-security and Threat Politics: US Efforts to Secure the Information Age. Routledge, Abingdon (2007)

    Google Scholar 

  10. Choo, K.K.R.: The cyber threat landscape: challenges and future research directions. Comput. Secur. 30(8), 719–731 (2011)

    Article  Google Scholar 

  11. Giura, P., Wang, W.: A context-based detection framework for advanced persistent threats. In: International Conference on Cyber Security, pp. 69–74. IEEE (2012)

    Google Scholar 

  12. Virvilis, N., Gritzalis, D.: The big four-what we did wrong in advanced persistent threat detection? In: 8th International Conference on Availability, Reliability and Security, pp. 248–254. IEEE (2013)

    Google Scholar 

  13. Jasek, R., Kolarik, M., Vymola, T.: APT detection system using honeypots. In: 13th International Conference on Applied Informatics and Communications, pp. 25–29. (2013)

    Google Scholar 

  14. Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: De Decker, B., Zúquete, A. (eds.) CMS 2014. LNCS, vol. 8735, pp. 63–72. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44885-4_5

    Chapter  Google Scholar 

  15. Friedberg, I., Skopik, F., Settanni, G., Fiedler, R.: Combating advanced persistent threats: from network event correlation to incident detection. Comput. Secur. 48, 35–57 (2015)

    Article  Google Scholar 

  16. Marchetti, M., Pierazzi, F., Colajanni, M., Guido, A.: Analysis of high volumes of network traffic for advanced persistent threat detection. Comput. Netw. 109, 127–141 (2016)

    Article  Google Scholar 

  17. Hu, P., Li, H., Fu, H., Cansever, D., Mohapatra, P.: Dynamic defense strategy against advanced persistent threat with insiders. In: IEEE Conference on Computer Communications, pp. 747–755. IEEE (2015)

    Google Scholar 

  18. Zhu, Q., Rass, S.: On multi-phase and multi-stage game-theoretic modeling of advanced persistent threats. IEEE Access 6, 13958–13971 (2018)

    Article  Google Scholar 

  19. Bhatt, P., Yano, E.T., Gustavsson, P.: Towards a framework to detect multi-stage advanced persistent threats attacks. In: 2014 IEEE 8th International Symposium on Service Oriented System Engineering (SOSE), pp. 390–395. IEEE (2014)

    Google Scholar 

  20. Giura, P., Wang, W.: Using large scale distributed computing to unveil advanced persistent threats. Sci. J. 1(3), 93–105 (2012)

    Google Scholar 

  21. Wheeler, D.A., Larsen, G.N.: Techniques for cyber attack attribution. Technical report, Institute for Defense Analyses, Alexandria, VA (2003)

    Google Scholar 

  22. Hunker, J., Hutchinson, B., Margulies, J.: Role and challenges for sufficient cyber-attack attribution. Institute for Information Infrastructure Protection, pp. 5–10 (2008)

    Google Scholar 

  23. Bou-Harb, E., Lucia, W., Forti, N., Weerakkody, S., Ghani, N., Sinopoli, B.: Cyber meets control: a novel federated approach for resilient CPS leveraging real cyber threat intelligence. IEEE Commun. Mag. 55(5), 198–204 (2017)

    Article  Google Scholar 

  24. Qamar, S., Anwar, Z., Rahman, M.A., Al-Shaer, E., Chu, B.T.: Data-driven analytics for cyber-threat intelligence and information sharing. Comput. Secur. 67, 35–58 (2017)

    Article  Google Scholar 

  25. DARPA: Enhanced attribution federal project. https://govtribe.com/project/enhanced-attribution. Accessed 09 Feb 2018

  26. Kintis, P., et al.: Hiding in plain sight: a longitudinal study of combosquatting abuse. In: ACM Conference on Computer and Communications Security, pp. 569–586. ACM (2017)

    Google Scholar 

  27. Keromytis, A.: Enhanced attribution. https://www.enisa.europa.eu/events/cti-eu-event/cti-eu-event-presentations/enhanced-attribution/. Accessed 09 Feb 2018

  28. David Westcott, K.B.: Aptnotes. https://github.com/aptnotes/data. Accessed 09 Feb 2018

  29. Meusel, R., Mika, P., Blanco, R.: Focused crawling for structured data. In: 23rd ACM International Conference on Conference on Information and Knowledge Management, pp. 1039–1048. ACM (2014)

    Google Scholar 

  30. Triguero, I., García, S., Herrera, F.: Self-labeled techniques for semi-supervised learning: taxonomy, software and empirical study. Knowl. Inf. Syst. 42(2), 245–284 (2015)

    Article  Google Scholar 

  31. Olston, C., Najork, M.: Web crawling. Found. Trends Inf. Retr. 4(3), 175–246 (2010)

    Article  Google Scholar 

  32. Cimiano, P.: Ontology learning from text. In: Cimiano, P. (ed.) Ontology Learning and Population from Text: Algorithms, Evaluation and Applications, pp. 19–34. Springer, Boston (2006). https://doi.org/10.1007/978-0-387-39252-3_3

    Chapter  Google Scholar 

  33. Gialampoukidis, I., Moumtzidou, A., Tsikrika, T., Vrochidis, S., Kompatsiaris, I.: Retrieval of multimedia objects by fusing multiple modalities. In: ACM on International Conference on Multimedia Retrieval, pp. 359–362. ACM (2016)

    Google Scholar 

  34. Pitropakis, N., Pikrakis, A., Lambrinoudakis, C.: Behaviour reflects personality: detecting co-residence attacks on Xen-based cloud environments. Int. J. Inf. Secur. 14(4), 299–305 (2015)

    Article  Google Scholar 

  35. Davidoff, S., Ham, J.: Network Forensics: Tracking Hackers Through Cyberspace, vol. 2014. Prentice Hall, Upper Saddle River (2012)

    Google Scholar 

  36. Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Decision support approaches for cyber security investment. Decis. Support Syst. 86, 13–23 (2016)

    Article  Google Scholar 

  37. Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Game theory meets information security management. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 15–29. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_2

    Chapter  MATH  Google Scholar 

  38. Fielder, A., Konig, S., Panaousis, E., Schauer, S., Rass, S.: Uncertainty in cyber security investments. arXiv preprint arXiv:1712.05893 (2017)

  39. Widmer, G., Kubat, M.: Learning in the presence of concept drift and hidden contexts. Mach. Learn. 23(1), 69–101 (1996)

    Google Scholar 

  40. Nikhi, B., Giannetsos, T., Panaousis, E., Took, C.C.: Unsupervised learning for trustworthy IoT. In: IEEE International Conference on Fuzzy Systems (FUZZ-IEEE) (2018)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Edinburgh Napier University, Edinburgh, UK

    Nikolaos Pitropakis

  2. Surrey Centre for Cyber Security, University of Surrey, Guildford, UK

    Emmanouil Panaousis

  3. European Dynamics SA, Athens, Greece

    Alkiviadis Giannakoulias

  4. Information Technologies Institute, Centre for Research and Technology Hellas, Thermi, Greece

    George Kalpakis

  5. Atos Spain SA, Madrid, Spain

    Rodrigo Diaz Rodriguez

  6. University of Western Macedonia, Kozani, Greece

    Panayiotis Sarigiannidis

Authors
  1. Nikolaos Pitropakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Emmanouil Panaousis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alkiviadis Giannakoulias
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. George Kalpakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Rodrigo Diaz Rodriguez
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Panayiotis Sarigiannidis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nikolaos Pitropakis .

Editor information

Editors and Affiliations

  1. University of Plymouth, Plymouth, United Kingdom

    Steven Furnell

  2. University of Brighton, Brighton, United Kingdom

    Haralambos Mouratidis

  3. Universität Regensburg, Regensburg, Germany

    Günther Pernul

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Pitropakis, N., Panaousis, E., Giannakoulias, A., Kalpakis, G., Rodriguez, R.D., Sarigiannidis, P. (2018). An Enhanced Cyber Attack Attribution Framework. In: Furnell, S., Mouratidis, H., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2018. Lecture Notes in Computer Science(), vol 11033. Springer, Cham. https://doi.org/10.1007/978-3-319-98385-1_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-98385-1_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98384-4

  • Online ISBN: 978-3-319-98385-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation