A comparative analysis of threat models in the context of cyber threat attribution

Research Article

Viktor Szulcsányi, Sándor Magyar

This is a preprint; it has not been peer reviewed by a journal.

https://doi.org/10.21203/rs.3.rs-7496589/v1

This work is licensed under a CC BY 4.0 License

Status: Under Review

Version 1 posted 15 Sep, 2025

Abstract

The role of cyberspace in geopolitical conflicts - as the experience of recent decades clearly demonstrates - is continually expanding. The activities of state sponsored and other cyber actors are becoming increasingly frequent, complex, and sophisticated. To understand and analyze a potential cyberattack in detail, it is essential to identify and select an appropriate analytical framework. There are currently several frameworks and models for analyzing cyber threats, but these were developed for different purposes and primarily focus on technical analysis. However, when analyzing a complex attack, we must also consider additional non-technical aspects that are not or are only partially covered by the known models.

This research aims to conduct a comparative analysis of publicly available threat models and frameworks, with a particular focus on their applicability in the context of cyber threat attribution.

The study evaluates the applicability of individual frameworks during attribution based on a uniquely created set of criteria. The purpose of the comparative analysis is to understand the strengths, weaknesses, and shortcomings of individual models in light of the identification of cyber actors behind cyber threats.

Keywords: Cyber threats, attribution, CTI, indicators, threat actors, attribution model

Additional Declarations

No competing interests reported.

Editorial timeline

Editorial decision: Revision requested 11 Nov, 2025
Reviews received at journal 06 Nov, 2025
Reviews received at journal 29 Oct, 2025
Reviewers agreed at journal 27 Oct, 2025
Reviewers agreed at journal 27 Oct, 2025
Reviews received at journal 23 Oct, 2025
Reviewers agreed at journal 11 Sep, 2025
Reviews received at journal 11 Sep, 2025
Reviews received at journal 10 Sep, 2025
Reviewers agreed at journal 10 Sep, 2025
Reviewers agreed at journal 08 Sep, 2025
Reviewers invited by journal 08 Sep, 2025
Editor assigned by journal 05 Sep, 2025
Submission checks completed at journal 04 Sep, 2025
First submitted to journal 30 Aug, 2025
Journal: International Journal of Information Security (http://link.springer.com/journal/10207)

Author affiliations: Viktor Szulcsányi, Óbuda University (corresponding author); Sándor Magyar, University of Public Service