Research Output
An Enhanced Cyber Attack Attribution Framework
  Advanced Persistent Threats (APTs) are considered as the threats that are the most challenging to detect and defend against. As APTs use sophisticated attack methods, cyber situational awareness and especially cyber attack attribution are necessary for the preservation of security of cyber infrastructures. Recent challenges faced by organizations in the light of APT proliferation are related to the: collection of APT knowledge; monitoring of APT activities; detection and classification of APTs; and correlation of all these to result in the attribution of the malicious parties that orchestrated an attack. We propose the Enhanced Cyber Attack Attribution (NEON) Framework, which performs attribution of malicious parties behind APT campaigns. NEON is designed to increase societal resiliency to APTs. NEON combines the following functionalities: (i) data collection from APT campaigns; (ii) collection of publicly available data from social media; (iii) honeypots and virtual personas; (iv) network and system behavioural monitoring; (v) incident detection and classification; (vi) network forensics; (vii) dynamic response based on game theory; and (viii) adversarial machine learning; all designed with privacy considerations in mind.

  • Date:

    27 July 2018

  • Publication Status:


  • Publisher

    Springer International Publishing

  • DOI:


  • Library of Congress:

    QA75 Electronic computers. Computer science

  • Dewey Decimal Classification:

    005.8 Data security

  • Funders:

    Edinburgh Napier Funded


Pitropakis, N., Panaousis, E., Giannakoulias, A., Kalpakis, G., Rodriguez, R. D., & Sarigiannidis, P. (2018). An Enhanced Cyber Attack Attribution Framework. In S. Furnell, H. Mouratidis, & G. Pernul (Eds.), Trust, Privacy and Security in Digital Business. TrustBus 2018, 213-228.



Advanced Persistent Threats (APTs), cyber attack, Enhanced Cyber Attack Attribution (NEON) Framework,

Monthly Views:

Available Documents