Cryptographically Verified Ledger For Cyber Attack Attribution

Abstract: The present disclosure provides a system for attributing cyber attacks, comprising: a data collection module configured to collect cyber attack data from a plurality of sources; a preprocessing module configured to standardize and anonymize the collected data; a cryptographic module configured to apply cryptographic hashing to the pre-processed data to generate unique identifiers and to sign the data with digital signatures using private keys; a decentralized ledger module configured to record the hashed and signed data in a blockchain; a consensus mechanism module configured to validate the recorded data across multiple nodes in a network using consensus protocols; an access control module configured to manage access permissions for the data recorded in the decentralized ledger; an encryption module configured to encrypt sensitive information within the ledger; and an analysis and query interface configured to enable searching and pattern analysis of the cyber-attack data recorded in the decentralized ledger.

Patent Information

Application #:
Filing Date: 26 April 2024
Publication Number: 23/2024
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email:
Parent Application:

Applicants

MARWADI UNIVERSITY
MARWADI UNIVERSITY, RAJKOT- MORBI HIGHWAY, AT GAURIDAD, RAJKOT – 360003, GUJARAT, INDIA
PARTH PARMAR
MARWADI UNIVERSITY, RAJKOT- MORBI HIGHWAY, AT GAURIDAD, RAJKOT – 360003, GUJARAT, INDIA
VAIBHAV MATALIA
MARWADI UNIVERSITY, RAJKOT- MORBI HIGHWAY, AT GAURIDAD, RAJKOT – 360003, GUJARAT, INDIA
JAYDEEP RATANPARA
MARWADI UNIVERSITY, RAJKOT- MORBI HIGHWAY, AT GAURIDAD, RAJKOT – 360003, GUJARAT, INDIA
PRATIK CHAUHAN
MARWADI UNIVERSITY, RAJKOT- MORBI HIGHWAY, AT GAURIDAD, RAJKOT – 360003, GUJARAT, INDIA

Inventors

1. PARTH PARMAR
MARWADI UNIVERSITY, RAJKOT- MORBI HIGHWAY, AT GAURIDAD, RAJKOT – 360003, GUJARAT, INDIA
2. VAIBHAV MATALIA
MARWADI UNIVERSITY, RAJKOT- MORBI HIGHWAY, AT GAURIDAD, RAJKOT – 360003, GUJARAT, INDIA
3. JAYDEEP RATANPARA
MARWADI UNIVERSITY, RAJKOT- MORBI HIGHWAY, AT GAURIDAD, RAJKOT – 360003, GUJARAT, INDIA
4. PRATIK CHAUHAN
MARWADI UNIVERSITY, RAJKOT- MORBI HIGHWAY, AT GAURIDAD, RAJKOT – 360003, GUJARAT, INDIA

Specification

Description: Field of the Invention

The present disclosure generally relates to cybersecurity systems. Particularly, the present disclosure relates to a system for attributing cyber attacks.

Background
The background description includes information that may be useful in understanding the present invention. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed invention, or that any publication specifically or implicitly referenced is prior art.
In the realm of cybersecurity, the attribution of cyber-attacks plays an important role in understanding and modifying threats. Cyber attacks are becoming increasingly, making cyber attacks challenging to identify the perpetrators and prevent future incidents. Traditional methods for attributing cyber attacks often rely on centralized databases and analysis tools, which may be vulnerable to tampering and unauthorized access. Traditional methods may also lack the necessary robustness to handle the volume and complexity of data generated by modern cyber threats.
One approach to improving the attribution of cyber attacks comprises the collection of data from various sources. Data collection enables the gathering of information regarding cyber incidents, which is essential for effective analysis and attribution. However, the standardization and anonymization of collected data are vital to provide its utility and protect the privacy of individuals involved. The standardization and anonymization processes are necessary to prepare the data for further analysis while maintaining its integrity and confidentiality.
The application of cryptographic techniques to cyber attack data represents another significant method in the cybersecurity domain. Cryptographic hashing and digital signatures are employed to secure the data, providing data authenticity and preventing tampering. Cryptographic hashing and digital signatures generate unique identifiers for the data and sign it with digital signatures using private keys, thereby improving the security and trustworthiness of the information.
The use of a decentralized ledger technique, such as blockchain, introduces an approach to recording and storing data related to cyber attacks. A decentralized ledger technique offers a secure and tamper-proof method of data storage, making it highly resistant to unauthorized modifications. The decentralized nature of the ledger provides that the data remains secure and accessible across multiple nodes in a network.
Furthermore, the validation of data recorded on the blockchain is achieved through consensus mechanisms. The consensus mechanisms enable multiple nodes in the network to agree on the validity of the data, providing its accuracy and reliability. The consensus mechanisms are important for maintaining the integrity of the data stored on the decentralized ledger.
Access control mechanisms play a vital role in managing who can view and interact with the data recorded on the blockchain. The access control mechanisms provide that sensitive information is accessible only to authorized individuals, thereby protecting the confidentiality of the data.
Encryption of sensitive information within the ledger further improves the security of the data. By encrypting sensitive information, the system provides that even if unauthorized access is gained, the data remains protected and unreadable to the attacker.
Finally, the integration of an analysis and query interface facilitates the effective use of the data stored on the blockchain. The analysis and query interface allows for the searching and pattern analysis of cyber attack data, enabling stakeholders to identify trends, understand attack vectors, and attribute cyber attacks more accurately.
In light of the above discussion, there is an urgent need for solutions which overcome the problems associated with conventional systems and techniques for the attribution of cyber attacks. The disclosure offers a robust and secure context for attributing cyber attacks, significantly improving the ability to identify perpetrators and prevent future incidents.
All publications herein are incorporated by reference to the same extent as if each individual publication or patent application were specifically and individually indicated to be incorporated by reference. Where a definition or use of a term in an incorporated reference is inconsistent or contrary to the definition of that term provided herein, the definition of that term provided herein applies and the definition of that term in the reference does not apply.
In some embodiments, the numbers expressing quantities of ingredients, properties such as concentration, reaction conditions, and so forth, used to describe and claim certain embodiments of the invention are to be understood as being modified in some instances by the term “about.” Accordingly, in some embodiments, the numerical parameters set forth in the written description and attached claims are approximations that can vary depending upon the desired properties sought to be obtained by a particular embodiment. In some embodiments, the numerical parameters should be construed in light of the number of reported significant digits and by applying ordinary rounding techniques. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of some embodiments of the invention are approximations, the numerical values set forth in the specific examples are reported as precisely as practicable. The numerical values presented in some embodiments of the invention may contain certain errors necessarily resulting from the standard deviation found in their respective testing measurements.
As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.
The recitation of ranges of values herein is merely intended to serve as a shorthand method of referring individually to each separate value falling within the range. Unless otherwise indicated herein, each individual value is incorporated into the specification as if it were individually recited herein. All methods described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The use of any and all examples, or exemplary language (e.g. “such as”) provided with respect to certain embodiments herein is intended merely to better illuminate the invention and does not pose a limitation on the scope of the invention otherwise claimed. No language in the specification should be construed as indicating any non-claimed element essential to the practice of the invention.
Groupings of alternative elements or embodiments of the invention disclosed herein are not to be construed as limitations. Each group member can be referred to and claimed individually or in any combination with other members of the group or other elements found herein. One or more members of a group can be included in, or deleted from, a group for reasons of convenience and/or patentability. When any such inclusion or deletion occurs, the specification is herein deemed to contain the group as modified thus fulfilling the written description of all Markush groups used in the appended claims.
Summary

In an aspect, the present disclosure aims to provide a system for attributing cyber attacks. The system comprises a data collection module configured to collect cyber attack data from a plurality of sources, a preprocessing module configured to standardize and anonymize the collected data, a cryptographic module configured to apply cryptographic hashing to the pre-processed data to generate unique identifiers and to sign the data with digital signatures using private keys, a decentralized ledger module configured to record the hashed and signed data in a blockchain, a consensus mechanism module configured to validate the recorded data across multiple nodes in a network using consensus protocols, an access control module configured to manage access permissions for the data recorded in the decentralized ledger, an encryption module configured to encrypt sensitive information within the ledger, and an analysis and query interface configured to enable searching and pattern analysis of the cyber-attack data recorded in the decentralized ledger. The incorporation of cryptographic hashing, digital signatures, and a consensus mechanism improves the integrity, non-repudiation, and verification of cyber attack data. The use of a blockchain-based decentralized ledger provides immutability and tamper-evidence of the data. Role-based access control and encryption safeguard sensitive information, while the analysis and query interface support effective cyber attack attribution.
Moreover, the cryptographic hashing is performed using secure hash techniques, which improves the integrity and non-repudiation of the cyber attack data. The consensus mechanism module utilizes one or more of Proof of Work (PoW), Proof of Stake (PoS), and Practical Byzantine Fault Tolerance (PBFT) protocols to achieve consensus among the nodes, thereby verifying accuracy and reliability of the data. Role-based access control restricts access to sensitive data within the decentralized ledger, providing data security and privacy.
Furthermore, the decentralized ledger module comprises a blockchain-based structure which maintains an immutable and tamper-evident record of cyber attack data. Digital signatures facilitate the verification of the data source and protect against spoofing attempts. Encryption provides that only authorized entities with corresponding decryption keys can access detailed information. The analysis and query interface supports real-time monitoring and analysis, facilitating the attribution of cyber attacks.
Various objects, features, aspects and advantages of the inventive subject matter will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like components.

Brief Description of the Drawings

FIG. 1 illustrates a system (100) for attributing cyber attacks, in accordance with the embodiments of the present disclosure.
FIG. 2 illustrates a method 200 for attributing cyber attacks using a cryptographically verified ledger, in accordance with the embodiments of the present disclosure.
FIG. 3 illustrates a workflow comprising several interconnected components within a secure data management system, in accordance with the embodiments of the present disclosure.
Detailed Description

The following discussion provides many example embodiments of the inventive subject matter. Although each embodiment represents a single combination of inventive elements, the inventive subject matter is considered to include all possible combinations of the disclosed elements. Thus, if one embodiment comprises elements A, B, and C, and a second embodiment comprises elements B and D, then the inventive subject matter is also considered to include other remaining combinations of A, B, C, or D, even if not explicitly disclosed.
The term ‘data collection module’ as used throughout the present disclosure relates to a component considered for aggregating cyber attack information from various sources. The system comprises a data collection module configured to collect cyber attack data from a multitude of sources. The data collection module gathers information which may be pertinent to cyber attacks, facilitating a database of incidents for further analysis. Such aggregation of cyber attack data from diverse sources is important for the thorough analysis and attribution of cyber attacks, thereby improving the system's effectiveness in identifying and reducing threats. Optionally, the data collection module may also filter irrelevant or redundant information to streamline the data collection process. A working example comprises the data collection module automatically collecting data from public and private threat intelligence feeds, network logs, and incident reports.
The term ‘preprocessing module’ as used throughout the present disclosure relates to a component intended for the normalization and anonymization of data. The preprocessing module standardizes and anonymizes the collected data, providing uniformity and privacy before further processing. Such standardization of data facilitates easier analysis and processing, while anonymization helps in maintaining the confidentiality of sensitive information. Optionally, the preprocessing module may employ techniques to identify and correct errors in the collected data. An operational example comprises the preprocessing module converting data into a common format and removing personal identifiers from incident reports.
The term ‘cryptographic module’ as used throughout the present disclosure relates to a component which applies cryptographic techniques to data. The cryptographic module is configured to apply cryptographic hashing to the pre-processed data to generate unique identifiers and to sign the data with digital signatures using private keys. The generation of unique identifiers and the application of digital signatures improve the security and integrity of the data, providing its authenticity and non-repudiation. Optionally, the cryptographic module may support multiple cryptographic techniques to accommodate varying security requirements. A practical example comprises the cryptographic module hashing data to create a unique hash value for each piece of data and signing it with the private key of the system.
The term ‘decentralized ledger module’ as used throughout the present disclosure relates to a component responsible for maintaining a distributed ledger. The decentralized ledger module records the hashed and signed data in a blockchain, providing a tamper-evident and immutable record of cyber attack data. Such recording in a blockchain provides transparency and security, making the data verifiable and permanent. Optionally, the decentralized ledger module may implement smart contracts to automate certain operations based on predefined conditions. An example of operation comprises the decentralized ledger module adding a new block to the blockchain every time a new set of data is processed and verified.
The term ‘consensus mechanism module’ as used throughout the present disclosure relates to a component which facilitates agreement on the validity of transactions within a network. The consensus mechanism module validates the recorded data across multiple nodes in a network using consensus protocols. The validation process of the consensus mechanism module provides that only legitimate data is recorded in the blockchain, improving the reliability and trustworthiness of the system. Optionally, the consensus mechanism module may incorporate various consensus protocols to suit different network configurations. An example of implementation comprises the consensus mechanism module using Proof of Work (PoW) or Proof of Stake (PoS) mechanisms to achieve consensus among network nodes.
The term ‘access control module’ as used throughout the present disclosure relates to a component considered to regulate access to data. The access control module manages access permissions for the data recorded in the decentralized ledger, providing that only authorized entities can access or modify the data. Such management of access permissions is vital for maintaining the confidentiality and integrity of the data. Optionally, the access control module may implement role-based access control (RBAC) to define access rights based on user roles. An example involves the access control module allowing only verified analysts to query and analyse the recorded data.
The term ‘encryption module’ as used throughout the present disclosure relates to a component which secures sensitive information through encryption. The encryption module encrypts sensitive information within the ledger, protecting it from unauthorized access and breaches. Encryption provides the confidentiality of important data, even if access controls are bypassed. Optionally, the encryption module may support various encryption techniques to provide flexibility in security levels. A working example comprises the encryption module applying Advanced Encryption Standard (AES) encryption to sensitive data before it is recorded in the blockchain.
The term ‘analysis and query interface’ as used throughout the present disclosure relates to a component which facilitates the interrogation and examination of data. The analysis and query interface enables searching and pattern analysis of the cyber-attack data recorded in the decentralized ledger. Further, the searching and pattern analysis capability allows users to derive insights and identify trends from the recorded data, aiding in the attribution of cyber attacks and the formulation of defensive approaches. Optionally, the analysis and query interface may provide progressive analytical tools and visualizations to improve the user's ability to interpret the data. An illustrative example comprises the analysis and query interface offering a dashboard with search functionality and pattern recognition techniques to identify common attributes of cyber attacks.
FIG. 1 illustrates a system (100) for attributing cyber attacks, in accordance with the embodiments of the present disclosure. The system (100) comprises a data collection module (102), a preprocessing module (104), a cryptographic module (106), a decentralized ledger module (108), a consensus mechanism module (110), an access control module (112), an encryption module (114) and an analysis and query interface (116).
In the embodiment, the cryptographic module (106) employs secure hash techniques for the cryptographic hashing of cyber attack data. The application of hash techniques is considered to provide the integrity of the data, which means any alteration of the data can be detected, thereby maintaining data originality and accuracy. Furthermore, the process facilitates non-repudiation, which provides a means to verify that the data has not been altered post-signature and can be attributed to a specific source without dispute. By utilizing secure hash techniques, the cryptographic module (106) improves the security measures within the system (100), providing that the data related to cyber attacks is both trustworthy and verifiable. The hash-technique approach bolsters the system (100)’s defence mechanisms against tampering or forgery and reinforces the overall security posture and reliability of the system (100) in attributing cyber attacks accurately.
In another embodiment, the consensus mechanism module (110) integrates diverse consensus protocols, specifically Proof of Work (PoW), Proof of Stake (PoS), and Practical Byzantine Fault Tolerance (PBFT), to validate data across network nodes of the system (100). Each protocol offers a unique mechanism for achieving consensus, thereby providing the validity and integrity of the data recorded in the network. PoW requires nodes to perform complex computations, proving their promise to the network, which is particularly effective in deterring malicious activities due to the computational cost involved. PoS, on the other hand, assigns validation power based on the proportion of tokens or stake held by a node, promoting energy efficiency and stakeholder investment in security of the network. PBFT focuses on achieving consensus even in the presence of faulty or malicious nodes, improving the system (100)’s resilience against internal attacks and failures. By employing these protocols, the consensus mechanism module (110) provides a tailored approach to data validation, catering to the system (100)’s varying requirements and improving overall security.
Yet in another embodiment, the access control module (112) implements role-based access control (RBAC) as an approach for managing user permissions to the sensitive data stored within the decentralized ledger. RBAC is a method which assigns access rights based on the roles of individual users within an organization and facilitates a granular level of access management, allowing for accurate control over who can view, modify, or interact with the stored data. By aligning access permissions directly with the roles of the users, the system (100) provides that only authorized personnel have access to specific pieces of information, according to their responsibilities and needs. Further, RBAC not only streamlines the process of managing permissions but also significantly improves the security structure of the system (100). By limiting access to sensitive data based on roles, the system (100) minimizes the risk of unauthorized access or data breaches.
In an embodiment, the decentralized ledger module (108) incorporates a blockchain-based structure to offer the creation and maintenance of an immutable and tamper-evident record of cyber attack data. The blockchain technique is characterized by its distributed nature, where data is stored across a network of computers, making it nearly impossible to alter the information retrospectively without detection. The blockchain technique provides a high level of security and transparency, as each block in the chain contains a cryptographic hash of the previous block, a timestamp, and transaction data, thereby creating a chronological and unalterable history of data entries. The adoption of blockchain by the decentralized ledger module (108) significantly improves the ability of the system (100) to securely store cyber attack data. The blockchain-based immutable record-keeping provides that once data regarding a cyber attack is entered into the ledger, it cannot be altered or deleted, thus providing a verifiable and permanent record. Such a structure is indispensable for the accurate attribution of cyber attacks, as it provides the integrity of the data used in the analysis and attribution process. The blockchain-based structure fortifies the system (100) against tampering attempts and instils confidence in the accuracy and reliability of the recorded data.
In another embodiment, the cryptographic module (106) employs digital signatures to improve the security structure of the system (100), specifically addressing the verification of data sources and the protection against spoofing attempts. Digital signatures are cryptographic techniques which bind a document (or data) to the identity of the signer, using a unique digital key. The digital signature process provides the authenticity of the data source, confirming that the data has indeed been sent by the purported sender and has not been altered in transit. By verifying the origin of the data and its integrity, digital signatures provide a powerful tool against spoofing attacks, where an attacker might attempt to forge or masquerade as a legitimate source of data. The implementation of digital signatures by the cryptographic module (106) serves as an important layer of security, safeguarding the system (100) from such malicious activities and providing that only verified and authentic data is processed and stored within the system (100), thereby maintaining the reliability and trustworthiness of the cyber attack attribution process.
In an embodiment, the encryption module (114) plays a pivotal role in securing sensitive information stored within the decentralized ledger by enforcing encryption. The encryption process entails the conversion of data into a coded format which can only be accessed and deciphered by entities possessing the corresponding decryption keys. The adoption of encryption provides that even if unauthorized access to the ledger occurs, the information remains unintelligible and secure, safeguarding the confidentiality of the data. The encryption mechanism of selective access is fundamental in maintaining the privacy of sensitive information, as only authorized users with the correct decryption keys are granted the ability to view or manipulate the detailed information. The implementation of such encryption by the encryption module (114) is vital for preventing unauthorized disclosure, alteration, or theft of data, thereby improving the system (100)’s defence against breaches or cyber attacks. Therein, said level of security is essential for the integrity and trustworthiness of the system (100), providing that sensitive cyber attack data is protected throughout its lifecycle in the ledger.
In another embodiment, the analysis and query interface (116) is considered to empower the system (100) with real-time monitoring and analytical capabilities, significantly improving the system (100)’s effectiveness in attributing cyber attacks. The analysis and query interface (116) provides tools for the immediate analysis and scrutiny of cyber attack data as it is recorded in the decentralized ledger. By enabling real-time monitoring, the system (100) can swiftly detect and analyse emerging threats, patterns, and anomalies within the cyber attack data. Prompt detection and analysis is important for the timely attribution of cyber attacks, allowing for a quick response to ease damage. Furthermore, the analysis and query interface (116) facilitates the extraction of actionable insights from the vast amounts of data recorded in the ledger, thereby aiding in the identification of attack vectors, trends, and security vulnerabilities. This capability of the analysis and query interface (116) improves the system (100)’s ability to attribute cyber attacks accurately and supports security measures by informing the development of more effective defence plans. Through the implementation of the analysis and query interface (116), the system (100) becomes more agile and responsive in its approach to cyber security.
FIG. 2 illustrates a method 200 for attributing cyber attacks using a cryptographically verified ledger, in accordance with the embodiments of the present disclosure. The method 200 comprises: at step 202, collecting cyber attack data from a plurality of data sources; at step 204, standardizing and anonymizing the collected data; at step 206, applying cryptographic hashing and digital signatures to the pre-processed data; at step 208, recording the cryptographically secured data on a blockchain within a decentralized ledger; at step 210, validating the recorded data using a consensus mechanism across a network of nodes; at step 212, managing access to the recorded data through an access control system; at step 214, encrypting sensitive portions of the data; and at step 216, analyzing and querying the cyber attack data using an interface.
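Steps 206 to 210 of method 200, together with the block structure of module (108) and the source-signature check of module (106) described above, as an added Go example that is not part of the patent application. SHA-256 and Ed25519 are assumed choices (the application names no algorithm), the Record schema, source names, timestamps and reports are constructed, and agreement between nodes (PoW, PoS, PBFT) is not modelled: Append only shows the validity rule one node would apply.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Record is a standardized report (hypothetical schema); TargetRef is a pseudonym.
type Record struct{ Source, Technique, TargetRef string }

// Block holds one signed record and the link to its predecessor.
type Block struct {
	Time     int64
	PrevHash string // hex hash of the previous block, "" for the first
	Record   Record
	ID       string // hex SHA-256 of the record: the "unique identifier"
	Sig      []byte // source's signature over ID
}

// Ledger is one node's copy of the chain plus the registered source keys.
type Ledger struct {
	Blocks  []Block
	Sources map[string]ed25519.PublicKey
}

// recordID hashes the JSON form; struct fields marshal in declaration order.
func recordID(r Record) string {
	raw, _ := json.Marshal(r) // cannot fail for a struct of strings
	return fmt.Sprintf("%x", sha256.Sum256(raw))
}

// Sign returns the source's Ed25519 signature over the record identifier.
func Sign(priv ed25519.PrivateKey, r Record) []byte {
	return ed25519.Sign(priv, []byte(recordID(r)))
}

// blockHash binds timestamp, previous hash, identifier and signature.
func blockHash(b Block) string {
	s := fmt.Sprintf("%d|%s|%s|%x", b.Time, b.PrevHash, b.ID, b.Sig)
	return fmt.Sprintf("%x", sha256.Sum256([]byte(s)))
}

// validSig checks sig against the key registered for the claimed source.
func (l *Ledger) validSig(r Record, sig []byte) bool {
	pub := l.Sources[r.Source] // nil when the source is unknown
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, []byte(recordID(r)), sig)
}

// Append accepts a record only if its claimed source really signed it.
func (l *Ledger) Append(r Record, sig []byte, now int64) error {
	if !l.validSig(r, sig) {
		return fmt.Errorf("unknown source or bad signature")
	}
	b := Block{Time: now, Record: r, ID: recordID(r), Sig: sig}
	if n := len(l.Blocks); n > 0 {
		b.PrevHash = blockHash(l.Blocks[n-1])
	}
	l.Blocks = append(l.Blocks, b)
	return nil
}

// Verify returns the index of the first failing block, or -1 if all hold.
func (l *Ledger) Verify() int {
	prev := ""
	for i, b := range l.Blocks {
		if b.PrevHash != prev || b.ID != recordID(b.Record) || !l.validSig(b.Record, b.Sig) {
			return i
		}
		prev = blockHash(b)
	}
	return -1
}

// sampleLedger builds three blocks from constructed reports by two sources.
func sampleLedger() (*Ledger, map[string]ed25519.PrivateKey) {
	l := &Ledger{Sources: map[string]ed25519.PublicKey{}}
	keys := map[string]ed25519.PrivateKey{}
	reports := []Record{ // constructed sample data
		{"cert-a", "spearphishing attachment", "org-7f3a"},
		{"soc-b", "credential stuffing", "org-19c2"},
		{"cert-a", "dns tunnelling", "org-7f3a"},
	}
	for i, r := range reports {
		if keys[r.Source] == nil { // nil reader selects crypto/rand
			l.Sources[r.Source], keys[r.Source], _ = ed25519.GenerateKey(nil)
		}
		l.Append(r, Sign(keys[r.Source], r), 1714089600+int64(i))
	}
	return l, keys
}

func main() {
	l, keys := sampleLedger()
	forged := Record{"cert-a", "wiper", "org-19c2"} // signed by the wrong source
	err := l.Append(forged, Sign(keys["soc-b"], forged), 1714089700)
	l.Blocks[1].Record.Technique = "password spraying" // edit without the key
	fmt.Println("spoofed append:", err, "| first bad block after edit:", l.Verify())
}
```

A source that re-signs its own altered record is caught only by the next block's link, so the newest block is protected only once other nodes hold a copy of its hash.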
FIG. 3 illustrates a workflow comprising several interconnected components within a secure data management system, in accordance with the embodiments of the present disclosure. Data sources are subject to preprocessing before undergoing cryptographic hashing, ensuring data integrity and security. Concurrently, digital signatures utilizing private keys are employed to authenticate data, which is then stored in a Decentralized Ledger Technology (DLT) system, often associated with blockchain technology. This ledger not only facilitates robust data storage but also allows for complex queries and analysis. Additionally, the system incorporates an access control mechanism to manage data access permissions effectively. Lastly, the workflow includes a dispute resolution process, crucial for addressing discrepancies and maintaining trust within the system. Such a setup is instrumental in ensuring secure, transparent, and efficient data transactions, pivotal for applications requiring high trust and data integrity levels.
Throughout the present disclosure, the term ‘processing means’ or ‘microprocessor’ or ‘processor’ or ‘processors’ includes, but is not limited to, a microprocessor, a microcontroller, a complex instruction set computing (CISC) microprocessor, a reduced instruction set (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, or any other type of processing circuit.
It should be apparent to those skilled in the art that many more modifications besides those already described are possible without departing from the inventive concepts herein. The inventive subject matter, therefore, is not to be restricted except in the spirit of the appended claims. Moreover, in interpreting both the specification and the claims, all terms should be interpreted in the broadest possible manner consistent with the context. In particular, the terms “comprises” and “comprising” should be interpreted as referring to elements, components, or steps in a non-exclusive manner, indicating that the referenced elements, components, or steps may be present, or utilized, or combined with other elements, components, or steps that are not expressly referenced. Where the specification claims refer to at least one of something selected from the group consisting of A, B, C …. and N, the text should be interpreted as requiring only one element from the group, not A plus N, or B plus N, etc.

I/We claim:
1. A system (100) for attributing cyber attacks, the system (100) comprising:
a data collection module (102) to collect cyber attack data from a plurality of sources;
a preprocessing module (104) to standardize and anonymize the collected data;
a cryptographic module (106) to apply cryptographic hashing to the pre-processed data to generate unique identifiers and to sign the data with digital signatures using private keys;
a decentralized ledger module (108) to record the hashed and signed data in a blockchain;
a consensus mechanism module (110) to validate the recorded data across multiple nodes in a network using consensus protocols;
an access control module (112) to manage access permissions for the data recorded in the decentralized ledger;
an encryption module (114) to encrypt sensitive information within the ledger; and
an analysis and query interface (116) to enable searching and pattern analysis of the cyber-attack data recorded in the decentralized ledger.
2. The system (100) of claim 1, wherein the cryptographic hashing is performed using secure hash techniques to provide the integrity and non-repudiation of the cyber attack data.
3. The system (100) of claim 1, wherein the consensus mechanism module (110) utilizes one or more of Proof of Work (PoW), Proof of Stake (PoS), and Practical Byzantine Fault Tolerance (PBFT) protocols to achieve consensus among the nodes.
4. The system (100) of claim 1, wherein the access control module (112) employs role-based access control to restrict access to sensitive data within the decentralized ledger.
5. The system (100) of claim 1, wherein the decentralized ledger module (108) comprises a blockchain-based structure to maintain an immutable and tamper-evident record of cyber attack data.
6. The system (100) of claim 1, wherein the digital signatures facilitate verification of the data source and protect against spoofing attempts.
7. The system (100) of claim 1, wherein the encryption module (114) provides that only authorized entities with corresponding decryption keys can access detailed information.
8. The system (100) of claim 1, wherein the analysis and query interface (116) supports real-time monitoring and analysis to facilitate the attribution of cyber attacks.
9. A method (200) for attributing cyber attacks using a cryptographically verified ledger, the method (200) comprising:
Collecting cyber attack data from a plurality of data sources;
Standardizing and anonymizing the collected data;
Applying cryptographic hashing and digital signatures to the pre-processed data;
Recording the cryptographically secured data on a blockchain within a decentralized ledger;
Validating the recorded data using a consensus mechanism across a network of nodes;
Managing access to the recorded data through an access control system;
Encrypting sensitive portions of the data; and
Analyzing and querying the cyber attack data using an interface.


Documents

Application Documents

# Name Date
1 202421033128-OTHERS [26-04-2024(online)].pdf 2024-04-26
2 202421033128-FORM FOR SMALL ENTITY(FORM-28) [26-04-2024(online)].pdf 2024-04-26
3 202421033128-FORM 1 [26-04-2024(online)].pdf 2024-04-26
4 202421033128-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [26-04-2024(online)].pdf 2024-04-26
5 202421033128-EDUCATIONAL INSTITUTION(S) [26-04-2024(online)].pdf 2024-04-26
6 202421033128-DRAWINGS [26-04-2024(online)].pdf 2024-04-26
7 202421033128-DECLARATION OF INVENTORSHIP (FORM 5) [26-04-2024(online)].pdf 2024-04-26
8 202421033128-COMPLETE SPECIFICATION [26-04-2024(online)].pdf 2024-04-26
9 202421033128-FORM-9 [07-05-2024(online)].pdf 2024-05-07
10 202421033128-FORM 18 [08-05-2024(online)].pdf 2024-05-08
11 202421033128-FORM-26 [12-05-2024(online)].pdf 2024-05-12
12 202421033128-FORM 3 [13-06-2024(online)].pdf 2024-06-13
13 202421033128-RELEVANT DOCUMENTS [01-10-2024(online)].pdf 2024-10-01
14 202421033128-POA [01-10-2024(online)].pdf 2024-10-01
15 202421033128-FORM 13 [01-10-2024(online)].pdf 2024-10-01
16 202421033128-FER.pdf 2025-07-24
17 202421033128-FORM-8 [04-09-2025(online)].pdf 2025-09-04
18 202421033128-FER_SER_REPLY [04-09-2025(online)].pdf 2025-09-04
19 202421033128-DRAWING [04-09-2025(online)].pdf 2025-09-04
20 202421033128-CORRESPONDENCE [04-09-2025(online)].pdf 2025-09-04
21 202421033128-CLAIMS [04-09-2025(online)].pdf 2025-09-04

Search Strategy

1 SearchHistory(3)E_26-07-2024.pdf