An Enhanced Cyber Attack Attribution Framework

Advanced Persistent Threats (APTs) are considered as the threats that are the most challenging to detect and defend against. As APTs use sophisticated attack methods, cyber situational awareness and especially cyber attack attribution are necessary for the preservation of security of cyber infrastructures. Recent challenges faced by organizations in the light of APT proliferation are related to the: collection of APT knowledge; monitoring of APT activities; detection and classification of APTs; and correlation of all these to result in the attribution of the malicious parties that orchestrated an attack. We propose the Enhanced Cyber Attack Attribution (NEON) Framework, which performs attribution of malicious parties behind APT campaigns. NEON is designed to increase societal resiliency to APTs. NEON combines the following functionalities: (i) data collection from APT campaigns; (ii) collection of publicly available data from social media; (iii) honeypots and virtual personas; (iv) network and system behavioural monitoring; (v) incident detection and classification; (vi) network forensics; (vii) dynamic response based on game theory; and (viii) adversarial machine learning; all designed with privacy considerations in mind.