Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Fronesis: Digital Forensics-Based Early Detection of Οngoing Cyber-Attacks

Published

Author(s)

Athanasios Dimitriadis, Efstratios Lontzetidis, Boonserm Kulvatunyou, Nenad Ivezic, Dimitris Gritzalis, Ioannis Mavridis

Abstract

Traditional attack detection approaches utilize predefined databases of known signatures about already-seen tools and malicious activities observed in past cyber-attacks to detect future attacks. More sophisticated approaches apply machine learning to detect abnormal behavior. Nevertheless, a growing number of successful attacks and the increasing ingenuity of attackers prove that these approaches are insufficient. This paper introduces an approach for digital forensics-based early detection of ongoing cyber-attacks called Fronesis. The approach combines ontological reasoning with the MITRE ATT&CK framework, the Cyber Kill Chain model, and the digital artifacts acquired continuously from the monitored computer system. Fronesis examines the collected digital artifacts by applying rule-based reasoning on the Fronesis cyber-attack detection ontology to identify traces of adversarial techniques. The identified techniques are correlated to tactics, which are then mapped to corresponding phases of Cyber Kill Chain model, resulting in the detection of an ongoing cyber-attack. Finally, the proposed approach is demonstrated through an email phishing attack scenario.
Citation
IEEE Access Journal
Volume
11

Keywords

Cyber-Attack Detection, Cyber Kill Chain, MITRE ATT&CK, Digital Artifacts, Ontology, Rule-based Reasoning, Cybersecurity.

Citation

Dimitriadis, A. , Lontzetidis, E. , Kulvatunyou, B. , Ivezic, N. , Gritzalis, D. and Mavridis, I. (2022), Fronesis: Digital Forensics-Based Early Detection of Οngoing Cyber-Attacks, IEEE Access Journal, [online], https://doi.org/10.1109/ACCESS.2022.3233404, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934110 (Accessed April 30, 2024)
Created December 30, 2022, Updated October 5, 2023