fullrecord |
[{"key": "dc.contributor.advisor", "value": "Lehto, Martti", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Pudas, Miia", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2023-02-24T06:22:46Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2023-02-24T06:22:46Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2023", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/85626", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Tapaustutkimuksena tehdyss\u00e4 tutkielmassa tarkoituksena on selvitt\u00e4\u00e4 millaisia mahdollisia indikaattoreita voitaisiin havaita kyberuhkatiedustelun avulla. Tutkimuksessa k\u00e4ytet\u00e4\u00e4n kolmen eri APT-ryhm\u00e4n tekemi\u00e4 APT-hy\u00f6kk\u00e4yksi\u00e4 esimerkkein\u00e4 ja pyrit\u00e4\u00e4n ker\u00e4\u00e4m\u00e4\u00e4n kyberuhkatietoa n\u00e4ihin hy\u00f6kk\u00e4yksiin liittyen. Esimerkkitapauksien osalta sek\u00e4 pintanetist\u00e4 ett\u00e4 Dark webist\u00e4 haetaan APT-ryhmien k\u00e4ytt\u00e4mi\u00e4 ty\u00f6kaluja ja pohditaan millaista kyberuhkatietoa olisi voinut olla saatavilla APT-ryhmien hy\u00f6kk\u00e4yksien tapahtuessa. \nTutkimusta taustoitetaan esittelem\u00e4ll\u00e4 keskeisi\u00e4 k\u00e4sitteit\u00e4, kuten TOR-verkko, mit\u00e4 kyberuhkatiedustelu tarkoittaa, haittaohjelmat ja miten APT-lyhenne eroaa esimerkiksi tietokoneviruksista. Lis\u00e4ksi esitell\u00e4\u00e4n kirjallisuudessa esiintyvi\u00e4 erilaisia kyberhy\u00f6kk\u00e4ysmalleja. 
Lis\u00e4ksi kuvaillaan kyberhy\u00f6kk\u00e4yksen havaitsemista ja sen haasteita erityisesti APT-hy\u00f6kk\u00e4yksien osalta.\nTutkimuksen tuloksien osalta esiin nousee useita haasteita sek\u00e4 tiedonkeruussa ett\u00e4 erilaisten APT-esimerkkiryhmien toimintoihin liittyen. Kolmesta eri APT-ryhmist\u00e4 kaksi oli ollut aktiivisessa toiminnassa ennen valittua esimerkkitapausta, mutta kolmas APT-ryhm\u00e4 nousi julkisuuteen vasta APT-hy\u00f6kk\u00e4yksens\u00e4 paljastuttua. Tutkimuksen tarkoitukseen vastattaessa esimerkkitapauksien osalta kyberuhkatiedustelun havaittavissa olevat erilaiset indikaattorit heijastelevat my\u00f6s t\u00e4t\u00e4. Aktiivisessa toiminnassa olevista APT-ryhmist\u00e4 l\u00f6ytyi indikaattoreita huomattavasti runsaammin verrattuna APT-ryhm\u00e4\u00e4n, jonka toiminta paljastui vasta ryhm\u00e4n APT-hy\u00f6kk\u00e4yksen tavoitteiden t\u00e4ytytty\u00e4.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Three chosen APT attacks are used as examples in this master\u2019s thesis. The thesis is a case study whose purpose is to examine whether cyber threat intelligence could uncover any indicators of intelligence related to the example APT attacks. Cyber threat intelligence is collected from both the surface web and the dark net. The main research question asks whether there are any signs to be detected while an APT attack is being prepared, while the attack is ongoing, or only after the attack has been completed. \nThe theoretical background introduces key concepts, such as the TOR network, what cyber threat intelligence is, what malware is and how an APT differs from ordinary malware. Different cyber threat models are also introduced and a general cyber-attack model is explained. The IoA, IoB and IoC concepts are mentioned, along with the challenges of detecting cyber-attacks and especially of detecting APT attacks. 
\nThe thesis faced several challenges, related both to collecting indicators of intelligence and to how much the tactics, tools and procedures differed between the chosen APT groups. Some of the APT groups had been active for a long time before the chosen example APT attack, but one of the APT groups was detected only after it had completed its mission successfully. The results reflect this: the example APT groups that had been active for a long time before the chosen APT attacks had left indicators of intelligence, whereas the opposite was the case for the APT group that was detected only after completing its mission.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2023-02-24T06:22:46Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2023-02-24T06:22:46Z (GMT). No. 
of bitstreams: 0\n Previous issue date: 2023", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "74", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": null, "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "APT", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "kyberuhkatiedustelu", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "Indicators of Intelligence", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Tapaustutkimus kolmen APT-hy\u00f6kk\u00e4yksen mahdollisten indikaattoreiden havaitsemisesta kyberuhkatiedustelun avulla", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202302241889", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": 
"dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Turvallisuus ja strateginen analyysi", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Turvallisuus ja strateginen analyysi", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", 
"schema": "dc"}, {"key": "dc.subject.yso", "value": "verkkohy\u00f6kk\u00e4ykset", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "haittaohjelmat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tiedustelu", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|