fullrecord |
[{"key": "dc.contributor.advisor", "value": "Lehto, Marti", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Siukonen, Veikko", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2019-06-04T12:03:36Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2019-06-04T12:03:36Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2019", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/64330", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Tietoverkkohy\u00f6kk\u00e4ysten m\u00e4\u00e4r\u00e4, niiden kehittyneisyys ja vaikutukset ovat kasvaneet merkitt\u00e4v\u00e4sti viime vuosina. Erityisesti edistyneist\u00e4 ja pitk\u00e4kestoisista uhkista (Advanced Persistent Threat, APT) on muodostunut turvallisuusuhka yksil\u00f6ille ja organisaatioille, kuten Iranin ydinaseohjelman hidastaminen 2010, ukrainalaiseen s\u00e4hk\u00f6voimalan j\u00e4rjestelmiin tunkeutuminen 2015 ja Yhdysvalloissa demokraattipuolueeseen kohdistunut tietomurto 2016. Havaituista operaatioista laaditut raportit ovat luonteeltaan teknisi\u00e4 ilman inhimillisen ulottuvuuden arviointia ja keskittyv\u00e4t operaatiossa k\u00e4ytettyjen haittaohjelmien, toimittamismenetelmien sek\u00e4 hy\u00f6kk\u00e4\u00e4j\u00e4n ja kohteen v\u00e4lisen verkkoliikenteen analysointiin. T\u00e4m\u00e4n tutkimuksen tavoitteena on laajentaa tarkastelukulmaa tutkimalla hy\u00f6kk\u00e4\u00e4j\u00e4n inhimillist\u00e4 ulottuvuutta p\u00e4\u00e4t\u00f6ksenteossa. 
Erittelem\u00e4ll\u00e4 operaation p\u00e4\u00e4t\u00f6ksentekoprosessia ja siihen vaikuttavia tekij\u00f6it\u00e4 voidaan hy\u00f6kk\u00e4\u00e4j\u00e4st\u00e4 saada merkityksellist\u00e4 tietoa suojautumismenetelmien kehitt\u00e4miseksi. Operaation vaiheiden mallintamiseksi on valittu seitsem\u00e4nvaiheinen Intrusion Kill Chain (IKC) malli. Malli perustuu periaatteeseen, jonka mukaan operaatio koostuu toisiaan seuraavista vaiheista ja siirtyminen seuraavaan vaiheeseen edellytt\u00e4\u00e4 onnistumista edellisess\u00e4. P\u00e4\u00e4t\u00f6ksentekoprosessin mallintamiseen on valittu John Boydin esittelem\u00e4 nelivaiheinen OODA-loop (Observation, Orientation, Decision, Action). T\u00e4m\u00e4 on kvalitatiivinen tutkimus, joka pyrkii teoriasidonnaisen sis\u00e4ll\u00f6nanalyysin keinoin vastaamaan tutkimusteht\u00e4v\u00e4\u00e4n. Tutkimus on luonteeltaan kartoittava. Analyysiaineisto koostuu APT-ryhmien toimintaa k\u00e4sittelevist\u00e4 julkisista raporteista. Tutkimuksen keskeisin tulos on, ett\u00e4 t\u00e4ss\u00e4 tutkimuksessa esitelt\u00e4v\u00e4\u00e4 IKC-mallin ja OODA-loopin yhdist\u00e4v\u00e4\u00e4 teoreettista viitekehyst\u00e4 voidaan soveltaa APT-operaation p\u00e4\u00e4t\u00f6ksentekoprosessin j\u00e4sent\u00e4miseen ja analysoimiseen. Lis\u00e4ksi johtop\u00e4\u00e4t\u00f6ksin\u00e4 esitet\u00e4\u00e4n, ett\u00e4 hy\u00f6kk\u00e4\u00e4j\u00e4n p\u00e4\u00e4t\u00f6ksentekoprosessin tunnistaminen mahdollistaa suojautumismenetelmien kehitt\u00e4misen.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The number of cyberattacks, as well as their sophistication and impact, has risen significantly in recent years. 
Advanced Persistent Threats (APTs) in particular present a security threat to individuals and organizations, as in the cases of the deceleration of Iran's nuclear weapons program in 2010, the intrusion into Ukraine's power plant system in 2015, and the targeted data breach of the Democratic Party of the United States in 2016. Reports on detected operations are technical in nature and do not consider the human aspect, focusing instead on the malware used, the delivery methods, and the analysis of network traffic between attackers and targets. The purpose of this study is to broaden the scope of current research by examining the human aspects of an attacker's decision-making. By analyzing the decision-making process behind an operation, as well as the factors influencing that process, one can obtain relevant information about the attacker to support the development of protective measures. The seven-step Intrusion Kill Chain (IKC) model is used as a theoretical framework for an APT operation and its phases. The model rests on the principle that an operation consists of consecutive stages, each of which must be completed before moving to the next. The decision-making process is analyzed through John Boyd\u2019s OODA-loop framework (Observation, Orientation, Decision, and Action). This exploratory qualitative study aims to utilize theory-driven content analysis to answer the research questions. The analyzed literature consists of publicly available reports on the activities of APT groups. The main conclusion is that the theoretical framework presented in this study, which combines the IKC model and the OODA-loop, can be used to parse and analyze the decision-making process behind an APT operation. 
Furthermore, it is suggested that identifying an attacker's decision-making process enables the development of defences and protective measures.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Miia Hakanen (mihakane@jyu.fi) on 2019-06-04T12:03:36Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2019-06-04T12:03:36Z (GMT). No. of bitstreams: 0\n Previous issue date: 2019", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "67", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "advanced persistent threat", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "edistynyt pitk\u00e4kestoinen uhka", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "intrusion kill chain", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "APT-operaation inhimilliset tekij\u00e4t : operaation tarkastelu p\u00e4\u00e4t\u00f6ksenteon n\u00e4k\u00f6kulmasta", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": 
"dc.identifier.urn", "value": "URN:NBN:fi:jyu-201906042938", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietojenk\u00e4sittelytiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Computer Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", 
"schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "operaatiot", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "p\u00e4\u00e4t\u00f6ksenteko", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|