Litcius/Paper detail

The Triangle Model for Cyber Threat Attribution

Arun Warikoo

2021Journal of Cyber Security Technology16 citationsDOI

Abstract

Advanced Persistent Threats (APTs) have caused much grief over the years to organizations, both government and private. APTs are highly sophisticated, multi-stage and targeted attacks that have led to an increased demand on tracking threat actor groups and attribution for such cyber-attacks. Cyber threat attribution is the process of associating a targeted cyber-attack against a Threat Actor. Cyber threat attribution is fast becoming an important component in cyber defense operations. Determining cyber threat attribution enables an organization to understand the adversaries modus operandi and the Threat Actor’s objective. This allows organizations to augment their defenses, thereby, preventing future cyber-attacks. This paper introduces a model that can be used by organizations to effectively determine cyber threat attribution. The model uses three high-fidelity indicators for determining attribution and hence the name the Triangle Model. The vertices of the Triangle Model are sector, tools and tactics, techniques and procedures (TTPs). The Triangle Model sees tools and TTPs as high-fidelity indicators since it is hard for a Threat Actor to change tools and even harder to change behavior. The Triangle Model maps the TTPs identified in the victim organization’s intrusion set to the MITRE ATT&CK Framework.

Topics & Concepts

AttributionCyber-attackComputer securityComputer scienceProcess (computing)CyberwarfareSet (abstract data type)FidelityGovernment (linguistics)PsychologySocial psychologyOperating systemTelecommunicationsProgramming languageLinguisticsPhilosophyAdvanced Malware Detection TechniquesInformation and Cyber SecurityNetwork Security and Intrusion Detection