Abstract

A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cybersecurity. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we take a first step towards overcoming this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack. We build models from latent variables to reduce the search space of culprits (attackers), and show that this reduction significantly improves the performance of classification-based approaches from 37% to 62% in identifying the attacker.

Original language: English (US)
Title of host publication: Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 837-844
Number of pages: 8
ISBN (Electronic): 9781509028467
DOIs: https://doi.org/10.1109/ASONAM.2016.7752335
State: Published - Nov 21 2016
Event: 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016 - San Francisco, United States
Duration: Aug 18 2016 → Aug 21 2016

Other

Other: 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016
Country: United States
City: San Francisco
Period: 8/18/16 → 8/21/16

Fingerprint

argumentation
attribution
Logic programming
logic
programming
threat
human being
event
lack
performance
Group

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Sociology and Political Science
  • Communication

Cite this

Nunes, E., Shakarian, P., Simari, G. I., & Ruef, A. (2016). Argumentation models for cyber attribution. In Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016 (pp. 837-844). [7752335] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ASONAM.2016.7752335

Argumentation models for cyber attribution. / Nunes, Eric; Shakarian, Paulo; Simari, Gerardo I.; Ruef, Andrew.

Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016. Institute of Electrical and Electronics Engineers Inc., 2016. p. 837-844 7752335.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nunes, E, Shakarian, P, Simari, GI & Ruef, A 2016, Argumentation models for cyber attribution. in Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016., 7752335, Institute of Electrical and Electronics Engineers Inc., pp. 837-844, 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016, San Francisco, United States, 8/18/16. https://doi.org/10.1109/ASONAM.2016.7752335
Nunes E, Shakarian P, Simari GI, Ruef A. Argumentation models for cyber attribution. In Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016. Institute of Electrical and Electronics Engineers Inc. 2016. p. 837-844. 7752335 https://doi.org/10.1109/ASONAM.2016.7752335
Nunes, Eric ; Shakarian, Paulo ; Simari, Gerardo I. ; Ruef, Andrew. / Argumentation models for cyber attribution. Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016. Institute of Electrical and Electronics Engineers Inc., 2016. pp. 837-844
@inproceedings{b6771e1d345340b8acb126177570ecaf,
title = "Argumentation models for cyber attribution",
abstract = "A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cybersecurity. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we take a first step towards overcoming this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack. We build models from latent variables to reduce the search space of culprits (attackers), and show that this reduction significantly improves the performance of classification-based approaches from 37{\%} to 62{\%} in identifying the attacker.",
author = "Eric Nunes and Paulo Shakarian and Simari, {Gerardo I.} and Andrew Ruef",
year = "2016",
month = "11",
day = "21",
doi = "10.1109/ASONAM.2016.7752335",
language = "English (US)",
pages = "837--844",
booktitle = "Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

TY - GEN

T1 - Argumentation models for cyber attribution

AU - Nunes, Eric

AU - Shakarian, Paulo

AU - Simari, Gerardo I.

AU - Ruef, Andrew

PY - 2016/11/21

Y1 - 2016/11/21

N2 - A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cybersecurity. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we take a first step towards overcoming this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack. We build models from latent variables to reduce the search space of culprits (attackers), and show that this reduction significantly improves the performance of classification-based approaches from 37% to 62% in identifying the attacker.

UR - http://www.scopus.com/inward/record.url?scp=85006785049&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85006785049&partnerID=8YFLogxK

U2 - 10.1109/ASONAM.2016.7752335

DO - 10.1109/ASONAM.2016.7752335

M3 - Conference contribution

SP - 837

EP - 844

BT - Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016

PB - Institute of Electrical and Electronics Engineers Inc.

ER -