CR · AI · LO · Apr 27, 2014

An Argumentation-Based Framework to Address the Attribution Problem in Cyber-Warfare

arXiv:1404.6699v1 · 12 citations
Originality: Incremental advance
AI Analysis

This paper addresses the attribution problem in cyber-warfare for analysts by offering a formal reasoning system that handles uncertain evidence, but it appears incremental because it builds on existing methods such as argumentation and logic programming.

The paper tackles the problem of attributing cyber-operations when evidence is conflicting or uncertain by introducing the InCA framework, which combines argumentation-based reasoning, logic programming, and probabilistic models to aid analysts in making attributions and providing explanations.

Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.
