Argumentation Models for Cyber Attribution
Abstract
A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cyber-security. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we take a first step towards overcoming this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack. We build models from latent variables to reduce the search space of culprits (attackers), and show that this reduction significantly improves the performance of classification-based approaches from 37% to 62% in identifying the attacker.
Cite
@article{arxiv.1607.02171,
title = {Argumentation Models for Cyber Attribution},
author = {Eric Nunes and Paulo Shakarian and Gerardo I. Simari and Andrew Ruef},
journal= {arXiv preprint arXiv:1607.02171},
year = {2016}
}
Comments
8 pages paper to be presented at International Symposium on Foundations of Open Source Intelligence and Security Informatics (FOSINT-SI) 2016 In conjunction with ASONAM 2016 San Francisco, CA, USA, August 19-20, 2016