Abstract

Attributing the culprit of a cyberattack is widely considered one of the major technical and policy challenges of cybersecurity. While the lack of ground truth for an individual responsible for a given attack has limited previous studies, here we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground truth is known. In this chapter, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified attacks. We also explore several heuristics to alleviate some of the misclassification caused by deception.

Original language: English (US)
Title of host publication: SpringerBriefs in Computer Science
Publisher: Springer
Pages: 5-16
Number of pages: 12
Edition: 9783319737874
State: Published - 2018

Publication series

Name: SpringerBriefs in Computer Science
Number: 9783319737874
Volume: 0
ISSN (Print): 2191-5768
ISSN (Electronic): 2191-5776

ASJC Scopus subject areas

  • General Computer Science

Fingerprint

Dive into the research topics of 'Baseline cyber attribution models'. Together they form a unique fingerprint.
