Instrumenting OpenCTI with a Capability for Attack Attribution Support

preprint OA: closed
View at publisher

Abstract

In addition to identifying and prosecuting cyber attackers, attack attribution activities can provide valuable information guiding the defenders’ security procedures and giving them greater confidence in incident response and remediation. However, technical analysis involved in cyberattack attribution requires high skills, experience, access to up-to-date Cyber Threat Intelligence, and significant investigators’ effort. Attribution results are not always reliable, and skilful attackers often work hard to cover their traces and mislead or confuse investigators. In this article, we present a tool designed to support technical attack attribution and implemented as a machine learning model extending the OpenCTI platform. We also discuss the tool’s performance in the investigation of a recent cyberattack.

My notes (saved in your browser only)

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. The paper's references may be in our DB but unresolved to ``paper_id`` (resolution happens at ingest when the cited DOI matches a row we already have). Run the cross-source citation reconcile pass to retry.

Source provenance

europepmc
last seen: 2026-05-19T01:45:01.086888+00:00