Abstract

A major challenge in cyberthreat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. In this chapter, we leverage the dataset from the capture-the-flag event held at DEFCON discussed in Chap. 2, and propose DeLP3E model comprised solely of the AM (that is, without probabilistic information) designed to aid an analyst in attributing a cyberattack. We build models from latent variables to reduce the search space of culprits (attackers), and show that this reduction significantly improves the accuracy of the classification-based approaches discussed in Chap. 2 from 37% to 62% in identifying the attacker.

Original languageEnglish (US)
Title of host publicationSpringerBriefs in Computer Science
PublisherSpringer
Pages75-84
Number of pages10
Edition9783319737874
DOIs
StatePublished - Jan 1 2018

Publication series

NameSpringerBriefs in Computer Science
Number9783319737874
ISSN (Print)2191-5768
ISSN (Electronic)2191-5776

ASJC Scopus subject areas

  • Computer Science(all)

Cite this