⚠ Official Notice: www.ijisrt.com is the official website of the International Journal of Innovative Science and Research Technology (IJISRT) Journal for research paper submission and publication. Please beware of fake or duplicate websites using the IJISRT name.



Bottom-to-Top OSINT Investigation: A Structured Approach for Relational Attribution in Cyber Threat Analysis


Authors : Gagan Jain B. S.

Volume/Issue : Volume 11 - 2026, Issue 4 - April


Google Scholar : https://tinyurl.com/mweth744

Scribd : https://tinyurl.com/32vd7vfd

DOI : https://doi.org/10.38124/ijisrt/26apr1405



Abstract : Open Source Intelligence (OSINT) plays a critical role in modern cyber incident response, enabling investigators to extract actionable insights from publicly available data. However, traditional approaches often rely on top-down logic, starting from a hypothesis and attempting to confirm it through data. This research introduces a novel Bottom-to-Top OSINT methodology focused specifically on relational attribution: the process of linking individuals, threat actors, and infrastructure based on verified open-source attributes. Our approach begins with a singular data point, such as an email or phone number, and builds upward through a structured process of contextual enrichment, relational mapping, and validation. The methodology is implemented through a custom-built tool named Sycek, which extracts and indexes breach-derived attributes and displays entity relationships via visual graphing and confidence scoring.

The paper contributes:

  1. A structured, bottom-up methodology for relational attribution.
  2. Demonstrated examples using synthetic and breach-derived data.
  3. An iterative hybrid loop that integrates bottom-up discovery with top-down hypothesis validation.


