basog.blogg.se

Apple serial number by forensic analysis








The IoT devices have proliferated into human lives from simple mundane to advanced lifesaving activities by means of automation, control and monitoring. Finally, the proposed approach is demonstrated through an email phishing attack scenario. The identified techniques are correlated to tactics, which are then mapped to corresponding phases of the Cyber Kill Chain model, resulting in the detection of an ongoing cyber-attack. Fronesis examines the collected digital artifacts by applying rule-based reasoning on the Fronesis cyber-attack detection ontology to identify traces of adversarial techniques. The approach combines ontological reasoning with the MITRE ATT&CK framework, the Cyber Kill Chain model, and the digital artifacts acquired continuously from the monitored computer system. This paper introduces an approach for digital forensics-based early detection of ongoing cyber-attacks called Fronesis. Nevertheless, a growing number of successful attacks and the increasing ingenuity of attackers prove that these approaches are insufficient. More sophisticated approaches apply machine learning to detect abnormal behavior.


Traditional attack detection approaches utilize predefined databases of known signatures about already-seen tools and malicious activities observed in past cyber-attacks to detect future attacks. Finally, a step-wise procedure for researching and logging CuFAs is devised to accompany the model. Additionally, we suggest some improvements on its integration into our model and identify higher-level location categories to illustrate tracing an object from creation through investigative leads. We use the Cyber Observable eXpression (CybOX) project due to its rising popularity and rigorous classifications of forensic objects.


An ontological model encapsulates these required fields while utilizing a lower-level taxonomic schema. Thus, we propose using a new term – curated forensic artifact (CuFA) – to address items which have been cleared for entry into a CuFA database (one implementation, the Artifact Genome Project, abbreviated as AGP, is under development and briefly outlined). This definition includes required fields that all artifacts must have and encompasses the notion of curation.


In this paper we propose a new definition based on a survey we conducted, literature usage, prior definitions of the word itself, and similarities with archival science. The term “artifact” currently does not have a formal definition within the domain of cyber/digital forensics, resulting in a lack of standardized reporting, linguistic understanding between professionals, and efficiency.









