METHODOLOGICAL FRAMEWORK FOR THE ATTRIBUTION OF HYBRID AGGRESSION ACTORS IN THE NATIONAL CYBERSPACE
DOI:
https://doi.org/10.28925/2663-4023.2025.30.904Keywords:
cyberattack attribution, hybrid warfare, national cybersecurity, information-psychological operationsAbstract
In the context of the ongoing hybrid aggression against Ukraine, the ability to accurately attribute the sources of hostile actions in cyberspace is not merely a technical task but a critical element of national security. This article proposes a solution to the scientific problem of developing a comprehensive methodological framework for the attribution of hybrid threat actors. In the introduction, the author reveals the urgency of the problem, driven by the need for effective counteraction to coordinated cyber and information-psychological operations. An analysis of contemporary research by domestic and foreign scholars shows that existing approaches to attribution are often fragmented, focusing on either technical aspects or content analysis, which necessitates a unified, systemic methodology. The purpose of this work is to develop a holistic methodology for the attribution of hybrid aggression actors, which allows for the integration and synthesis of diverse data to form substantiated conclusions. The theoretical basis of the research includes concepts of hybrid warfare and modern approaches to big data analysis. The methodology involves systemic analysis, the dialectical method, and modeling, which enabled the structuring of the complex, multi-stage attribution process. The key scientific result is the proposed multi-level attribution model, which combines analysis on three levels: technical (analysis of infrastructure, malicious code, and other digital artifacts), tactical (identification of persistent behavioral patterns, tactics, techniques, and procedures), and strategic (analysis of narratives, objectives, and their correlation with the aggressor state's geopolitical interests). The article also formulates a system of criteria for the verification and assessment of the reliability of attribution findings. In the conclusions, the author argues that the proposed model can significantly enhance the evidential value and validity of attribution, providing a deeper understanding of the adversary's strategy. Prospects for further research include the development of applied analytical tools based on artificial intelligence and the study of legal mechanisms for implementing the research results.
Downloads
References
Natsionalna politsiia Ukrainy [National Police of Ukraine]. (n.d.). Ofitsiinyi sait Kiberpolitsii Ukrainy [Official site of the Cyberpolice of Ukraine]. Retrieved August 3, 2025, from https://cyberpolice.gov.ua/
Derzhavna sluzhba spetsialnoho zviazku ta zakhystu informatsii Ukrainy [State Service of Special Communications and Information Protection of Ukraine]. (n.d.). Ofitsiinyi sait [Official site]. Retrieved August 3, 2025, from https://cip.gov.ua/ua/news
Buriachenko, O. (2024). Hibrydna viina yak nova forma hlobalnoho protystoiannia [Hybrid warfare as a new form of global confrontation]. Naukovi pratsi Mizhrehionalnoi akademii upravlinnia personalom [Scientific works of the Interregional Academy of Personnel Management], (2), 24–31.
Zinchenko, O.I. (2025). Protydiia kiberteroryzmu yak zahrozi suchasnii natsionalnii bezpetsi derzhav Yevropeiskoho rehionu [Countering cyberterrorism as a threat to the modern national security of the states of the European region] [Doctoral dissertation, V. N. Karazin Kharkiv National University].
Verkhovtseva, I.H. (2024). Hlobalnyi kiberprostir ta opir informatsiinii ahresii: kiberdyplomatiia Ukrainy u protydii rosiiskii informatsiinii invazii [Global cyberspace and resistance to information aggression: Cyberdiplomacy of Ukraine in countering the Russian information invasion]. In Hlobalnyi kiberprostir: suchasni vyklyky ta rishennia [Global cyberspace: Modern challenges and solutions] (pp. 213–243). Baltija Publishing. http://www.baltijapublishing.lv/omp/index.php/bp/catalog/view/510/13505/28342-1
Rid, T. (2020). Active Measures: The Secret History of Disinformation and Political Warfare. Center for the Study of Intelligence. https://www.cia.gov/resources/csi/static/active-measures-and-information-wars.pdf
The NATO Cooperative Cyber Defence Centre of Excellence. (n.d.). The NATO Cooperative Cyber Defence Centre of Excellence. Retrieved August 23, 2025, from https://ccdcoe.org/
Lunhol, O.M. (2025). Synerhiia tsyfrovoi rozvidky ta alhorytmiv shtuchnoho intelektu dlia efektyvnoho vyiavlennia kiberzahroz [Synergy of digital intelligence and artificial intelligence algorithms for effective detection of cyber threats]. Nauka i tekhnika sohodni [Science and Technology Today], (2), 1320–1332.
Lunhol, O. (2024). Ohliad metodiv ta stratehii kiberbezpeky zasobamy shtuchnoho intelektu [Review of cybersecurity methods and strategies by means of artificial intelligence]. Elektronne fakhove naukove vydannia «Kiberbezpeka: osvita, nauka, tekhnika» [Electronic professional scientific publication "Cybersecurity: education, science, technology"], (1), 379–389.
Popov, G., & Orobets, K. (2025). Assessing War Crimes During Armed Conflicts: Insights from Ukraine and Global Standards. Journal of Lifestyle and SDGs Review, 5(1), e03391. https://doi.org/10.47172/2965-730X.SDGsReview.v5.n01.pe03391
Boiko, R. (2024). Tsyfrovi innovatsii v zapobihanni zlochynnosti ta profilaktytsi kryminalnykh pravoporushen [Digital innovations in crime prevention and prophylaxis of criminal offenses]. In Vzaiemodiia derzhavnykh orhaniv ta hromadskosti u sferi protydii kryminalnym pravoporushenniam u tsentralnykh rehionakh Ukrainy: zbirnyk materialiv kruhloho stolu [Interaction of state bodies and the public in the field of countering criminal offenses in the central regions of Ukraine: Collection of materials of the round table] (pp. 144–146). DonDUVS.
Shaiets, Ye., & Lunhol, O. (2022). Vykorystannia khanipotiv dlia vyiavlennia merezhevykh atak [The use of honeypots for detecting network attacks]. In Informatsiina bezpeka ta informatsiini tekhnolohii: zbirnyk tez dopovidei IV Mizhnarodnoi naukovo-praktychnoi konferentsii, IBIT 2022 [Information security and information technologies: Collection of abstracts of the IV International scientific and practical conference, ISIT 2022] (pp. 93–95). Rastr-7.
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Ольга Лунгол
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
