The Triangle Model for Cyber Threat Attribution. Issue 3 (2nd October 2021)
- Record Type:
- Journal Article
- Title:
- The Triangle Model for Cyber Threat Attribution. Issue 3 (2nd October 2021)
- Main Title:
- The Triangle Model for Cyber Threat Attribution
- Authors:
- Warikoo, Arun
- Abstract:
- Advanced Persistent Threats (APTs) have caused much grief over the years to organizations, both government and private. APTs are highly sophisticated, multi-stage and targeted attacks that have led to an increased demand on tracking threat actor groups and attribution for such cyber-attacks. Cyber threat attribution is the process of associating a targeted cyber-attack against a Threat Actor. Cyber threat attribution is fast becoming an important component in cyber defense operations. Determining cyber threat attribution enables an organization to understand the adversary's modus operandi and the Threat Actor's objective. This allows organizations to augment their defenses, thereby preventing future cyber-attacks. This paper introduces a model that can be used by organizations to effectively determine cyber threat attribution. The model uses three high-fidelity indicators for determining attribution and hence the name the Triangle Model. The vertices of the Triangle Model are sector, tools and tactics, techniques and procedures (TTPs). The Triangle Model sees tools and TTPs as high-fidelity indicators since it is hard for a Threat Actor to change tools and even harder to change behavior. The Triangle Model maps the TTPs identified in the victim organization's intrusion set to the MITRE ATT&CK Framework.
- Is Part Of:
- Journal of cyber security technology. Volume 5:Issue 3/4(2021)
- Journal:
- Journal of cyber security technology
- Issue:
- Volume 5:Issue 3/4(2021)
- Issue Display:
- Volume 5, Issue 3/4 (2021)
- Year:
- 2021
- Volume:
- 5
- Issue:
- 3/4
- Issue Sort Value:
- 2021-0005-NaN-0000
- Page Start:
- 191
- Page End:
- 208
- Publication Date:
- 2021-10-02
- Subjects:
- Cyber threat attribution -- threat actor groups -- cyber threat intelligence -- MITRE ATT&CK framework
Computer security -- Periodicals
Data encryption (Computer science) -- Periodicals
005.805
- Journal URLs:
- http://www.tandfonline.com/
- DOI:
- 10.1080/23742917.2021.1895532
- Languages:
- English
- ISSNs:
- 2374-2917
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 21040.xml