Introduction:
Currently, cybercriminals launch various attacks against individuals, businesses, and public institutions alike. To prevent damage from such attacks, detection and classification methods for cybercriminals are being developed. At present, we are examining the corpus necessary for these cybercrime investigation systems and its operational scheme.
Methods:
We conducted a TTPs (Tactics, Techniques, and Procedures) analysis of cyberattacks targeting Japanese medical and educational institutions using the ATT&CK framework. TTPs refer to the characteristics of cyberattacks, such as attack objectives and patterns. Based on the ATT&CK framework, we analyzed cyberattack phases in 14 stages and estimated the severity of threats. Currently, using the insights gained from these analyses and investigation materials, we are constructing a corpus useful for cybercrime investigation.
Keywords:
Corpus, TTPs, ATT&CK, Cybercrime investigation