Abstract

Traditional methods for detecting cyber attacks rely on predefined databases of known signatures and machine learning models to identify abnormal behavior. However, the increasing sophistication and diversity of cyber threats highlight the limitations of these approaches. This paper introduces Fronesis, an innovative method for early detection of ongoing cyber attacks based on digital forensics. Fronesis integrates ontological reasoning with frameworks such as MITRE ATT&CK and the Cyber Kill Chain model, utilizing continuously gathered digital artifacts from monitored systems. By applying rule-based reasoning on the Fronesis cyber-attack detection ontology, the approach identifies adversarial techniques present in the collected data. These techniques are then correlated with tactics mapped to specific phases of the Cyber Kill Chain model, enabling the early detection of cyber attacks in progress. The effectiveness of Fronesis is illustrated through a practical scenario involving an email phishing attack.
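The pipeline the abstract describes (artifacts, rules, ATT&CK techniques, tactics, Kill Chain phases) as an added illustration, not the paper's code or the Fronesis ontology; the rule predicates, the technique-to-tactic and tactic-to-phase mappings, and the phishing artifacts are constructed assumptions for this example.

```python
# Added example in the spirit of Fronesis, not the paper's code or ontology: rules
# over collected artifacts infer ATT&CK techniques, techniques map to tactics, and
# tactics map to Cyber Kill Chain phases. All mappings are assumptions for illustration.

KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]

# Assumed ATT&CK tactic -> Kill Chain phase mapping.
TACTIC_TO_PHASE = {"Initial Access": "Delivery", "Execution": "Exploitation",
                   "Persistence": "Installation", "Command and Control": "Command and Control"}

# Assumed ATT&CK technique -> tactic mapping (IDs are public ATT&CK IDs).
TECHNIQUE_TO_TACTIC = {"T1566": "Initial Access",        # Phishing
                       "T1204": "Execution",             # User Execution
                       "T1547": "Persistence",           # Boot or Logon Autostart Execution
                       "T1071": "Command and Control"}   # Application Layer Protocol

# Rule base: (predicate over one artifact record, technique it evidences).
RULES = [
    (lambda a: a["type"] == "email" and a.get("attachment", "").endswith((".docm", ".xlsm")), "T1566"),
    (lambda a: a["type"] == "process" and a.get("parent") in {"WINWORD.EXE", "EXCEL.EXE"}, "T1204"),
    (lambda a: a["type"] == "registry" and "\\CurrentVersion\\Run" in a.get("key", ""), "T1547"),
    (lambda a: a["type"] == "network" and a.get("beacon_interval_s", 0) > 0, "T1071"),
]

def infer_techniques(artifacts):
    """Apply every rule to every artifact; return the set of evidenced techniques."""
    return {tech for a in artifacts for pred, tech in RULES if pred(a)}

def kill_chain_progress(techniques):
    """Return the Kill Chain phases reached by the inferred techniques, in chain order."""
    phases = {TACTIC_TO_PHASE[TECHNIQUE_TO_TACTIC[t]] for t in techniques if t in TECHNIQUE_TO_TACTIC}
    return [p for p in KILL_CHAIN if p in phases]

def assess(artifacts):
    """Summarise techniques found, phases reached, furthest phase, and phases still ahead."""
    techniques = infer_techniques(artifacts)
    phases = kill_chain_progress(techniques)
    furthest = phases[-1] if phases else None
    remaining = KILL_CHAIN[KILL_CHAIN.index(furthest) + 1:] if furthest else list(KILL_CHAIN)
    return {"techniques": techniques, "phases": phases, "furthest": furthest, "remaining": remaining}

# Constructed artifacts for the phishing scenario: attachment opened, macro spawns
# PowerShell, a Run key is written; no beaconing has been observed yet.
SAMPLE_ARTIFACTS = [
    {"type": "email", "sender": "billing@example.invalid", "attachment": "invoice.docm"},
    {"type": "process", "image": "powershell.exe", "parent": "WINWORD.EXE"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
]

if __name__ == "__main__":
    print(assess(SAMPLE_ARTIFACTS))
```

The "remaining" list is what makes the detection early: the chain is flagged at Installation, before any Command and Control or Actions on Objectives artifact exists.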
Keywords: MITRE ATT&CK framework, the Cyber Kill Chain model
DOI: 10.17148/IARJSET.2024.11725