Argumentation Models for Cyber Attribution
This addresses the challenge of cyber attribution for security analysts, though it is incremental as it builds on existing formal reasoning frameworks.
The paper tackled the problem of attributing cyber-attacks by combining information from multiple sources, and achieved a performance improvement from 37% to 62% in identifying attackers using a dataset from DEFCON capture-the-flag events.
A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cyber-security. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we take a first step towards overcoming this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack. We build models from latent variables to reduce the search space of culprits (attackers), and show that this reduction significantly improves the performance of classification-based approaches from 37% to 62% in identifying the attacker.