Interoperability, Safety and Security in IoT. Second International Conference, InterIoT 2016 and Third International Conference, SaSeIoT 2016, Paris, France, October 26-27, 2016, Revised Selected Papers

Research Article

Framework of Cyber Attack Attribution Based on Threat Intelligence

  • @INPROCEEDINGS{10.1007/978-3-319-52727-7_11,
        author={Li Qiang and Yang Zeming and Liu Baoxu and Jiang Zhengwei and Yan Jian},
        title={Framework of Cyber Attack Attribution Based on Threat Intelligence},
        proceedings={Interoperability, Safety and Security in IoT. Second International Conference, InterIoT 2016 and Third International Conference, SaSeIoT 2016, Paris, France, October 26-27, 2016, Revised Selected Papers},
        proceedings_a={INTERIOT \& SASEIOT},
        year={2017},
        month={2},
        keywords={Cyber attack attribution, Framework, Threat intelligence, Intrusion kill chains, Advanced threat},
        doi={10.1007/978-3-319-52727-7_11}
    }
    
  • Li Qiang
    Yang Zeming
    Liu Baoxu
    Jiang Zhengwei
    Yan Jian
    Year: 2017
    Framework of Cyber Attack Attribution Based on Threat Intelligence
    INTERIOT & SASEIOT
    Springer
    DOI: 10.1007/978-3-319-52727-7_11
Li Qiang*, Yang Zeming1*, Liu Baoxu1*, Jiang Zhengwei1*, Yan Jian*
  • 1: Institute of Information Engineering, CAS
*Contact email: liqiang7@iie.ac.cn, yangzeming@iie.ac.cn, liubaoxu@iie.ac.cn, jiangzhengwei@iie.ac.cn, yanjian@iie.ac.cn

Abstract

With the rapid growth of information technology, more and more devices are connected to the network, and the cyber security environment has become increasingly complicated. In the face of advanced threats, such as targeted attacks and advanced persistent threats, the traditional approach of accumulating security devices to protect relevant systems and networks has proved to be an unqualified failure. To address this situation, this paper proposes a framework of cyber attack attribution based on threat intelligence. First, after surveying and analyzing related academic research and industry solutions, the paper uses the local advantage model to analyze the process of a cyber attack. Following the definitions of the seven steps of the intrusion kill chain and the six phases of the F2T2EA model, this model proposes a method of collecting threat intelligence data and of detecting and responding to cyber attacks, so as to achieve early warning before an attack, detection and response while it is in progress, and attribution analysis afterwards, and ultimately to reverse the security situation. Then, the paper designs a framework of cyber attack attribution based on threat intelligence. The framework is composed of three main parts: Start of analysis, Threat intelligence, and Attribution analysis. Together these parts define the architecture of cyber attack attribution. Finally, we tested the framework on a practical case. The case study shows that the proposed framework can provide some help in attribution analysis.