FORENSISOFT: EARLY DETECTION OF ONGOING CYBER-ATTACKS

Authors

  • Mohammed Maaz Ahmed, Mohammed Ameen Hussain, Syed Zeeshan Ullah Ghouri, B.E. Students, Department of CSE, ISL College of Engineering, India.

Abstract

Traditional attack detection approaches rely on predefined databases of known signatures for tools and malicious activities observed in past cyber-attacks to detect future ones. More sophisticated approaches apply machine learning to detect abnormal behavior. Nevertheless, the growing number of successful attacks and the increasing ingenuity of attackers show that these approaches are insufficient. This paper introduces Forensisoft, an approach for digital-forensics-based early detection of ongoing cyber-attacks. The approach combines ontological reasoning with the MITRE ATT&CK framework, the Cyber Kill Chain model, and digital artifacts acquired continuously from the monitored computer system. Forensisoft examines the collected digital artifacts by applying rule-based reasoning over the Forensisoft cyber-attack detection ontology to identify traces of adversarial techniques. The identified techniques are correlated to tactics, which are then mapped to the corresponding phases of the Cyber Kill Chain model, resulting in the detection of an ongoing cyber-attack. Finally, the proposed approach is demonstrated through an email phishing attack scenario.
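The pipeline the abstract describes (artifacts, then rule-matched ATT&CK techniques, then tactics, then Cyber Kill Chain phases) in a minimal added illustration; this is not the paper's ontology or code, and the detection rules, the tactic-to-phase table and the sample artifacts are constructed assumptions for a phishing scenario.

```python
# Added example: rule-based mapping of forensic artifacts to ATT&CK techniques,
# tactics and Cyber Kill Chain phases. Rules, the tactic->phase table and the
# sample artifacts are assumptions constructed for illustration.

KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]

# Assumed correspondence between ATT&CK tactics and Kill Chain phases.
TACTIC_TO_PHASE = {
    "Initial Access": "Delivery",
    "Execution": "Exploitation",
    "Persistence": "Installation",
    "Command and Control": "Command and Control",
}

# (technique id, name, tactic, predicate over one artifact); simplified rules.
RULES = [
    ("T1566.001", "Spearphishing Attachment", "Initial Access",
     lambda a: a["type"] == "email" and a.get("attachment", "").endswith((".docm", ".xlsm"))),
    ("T1204.002", "User Execution: Malicious File", "Execution",
     lambda a: a["type"] == "process" and a["parent"].lower() in ("winword.exe", "excel.exe")),
    ("T1059.001", "PowerShell", "Execution",
     lambda a: a["type"] == "process" and a["image"].lower() == "powershell.exe"),
    ("T1547.001", "Registry Run Keys / Startup Folder", "Persistence",
     lambda a: a["type"] == "registry" and "\\currentversion\\run" in a["key"].lower()),
]

# Constructed sample artifacts from a hypothetical phishing scenario.
SAMPLE_ARTIFACTS = [
    {"id": "a1", "type": "email", "sender": "hr@example.invalid", "attachment": "payroll.docm"},
    {"id": "a2", "type": "process", "image": "powershell.exe", "parent": "WINWORD.EXE"},
    {"id": "a3", "type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"},
]

def detect_techniques(artifacts):
    """Apply every rule to every artifact; return (technique, tactic, artifact id) hits."""
    return [(tid, tactic, a["id"]) for a in artifacts
            for tid, _name, tactic, pred in RULES if pred(a)]

def kill_chain_phases(hits):
    """Map tactics of the hits to Kill Chain phases, ordered along the chain."""
    seen = {TACTIC_TO_PHASE[t] for _, t, _ in hits if t in TACTIC_TO_PHASE}
    return [p for p in KILL_CHAIN if p in seen]

def assess(artifacts):
    """Flag an ongoing attack when two adjacent Kill Chain phases are both evidenced."""
    hits = detect_techniques(artifacts)
    phases = kill_chain_phases(hits)
    idx = [KILL_CHAIN.index(p) for p in phases]
    ongoing = any(b - a == 1 for a, b in zip(idx, idx[1:]))
    return {"techniques": sorted({h[0] for h in hits}), "phases": phases, "ongoing_attack": ongoing}
```

Running `assess(SAMPLE_ARTIFACTS)` yields Delivery, Exploitation and Installation as evidenced phases, so the attack is flagged before any command-and-control or action-on-objectives artifact appears.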

Published

2024-04-29

Section

Articles

How to Cite

FORENSISOFT: EARLY DETECTION OF ONGOING CYBER-ATTACKS. (2024). International Journal of Engineering and Science Research, 14(2), 524-538. https://www.ijesr.org/index.php/ijesr/article/view/733