Abstract

Advanced Persistent Threats (APTs) have caused much grief over the years to organizations, both government and private. APTs are highly sophisticated, multi-stage and targeted attacks that have led to an increased demand for tracking threat actor groups and for attribution of such cyber-attacks. Cyber threat attribution is the process of associating a targeted cyber-attack with a Threat Actor. Cyber threat attribution is fast becoming an important component in cyber defense operations. Determining cyber threat attribution enables an organization to understand the adversary's modus operandi and the Threat Actor's objective. This allows organizations to augment their defenses, thereby preventing future cyber-attacks. This paper introduces a model that can be used by organizations to effectively determine cyber threat attribution. The model uses three high-fidelity indicators for determining attribution, hence the name, the Triangle Model. The vertices of the Triangle Model are sector, tools, and tactics, techniques and procedures (TTPs). The Triangle Model sees tools and TTPs as high-fidelity indicators since it is hard for a Threat Actor to change tools and even harder to change behavior. The Triangle Model maps the TTPs identified in the victim organization's intrusion set to the MITRE ATT&CK Framework.
