Abstract

Attributing the culprit of a cyberattack is widely considered one of the major technical and policy challenges of cybersecurity. While the lack of ground truth for an individual responsible for a given attack has limited previous studies, here we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground truth is known. In this chapter, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified attacks. We also explore several heuristics to alleviate some of the misclassification caused by deception.

Original language: English (US)
Title of host publication: SpringerBriefs in Computer Science
Publisher: Springer
Pages: 5-16
Number of pages: 12
Edition: 9783319737874
DOIs: https://doi.org/10.1007/978-3-319-73788-1_2
State: Published - Jan 1 2018

Publication series

Name: SpringerBriefs in Computer Science
Number: 9783319737874
ISSN (Print): 2191-5768
ISSN (Electronic): 2191-5776

ASJC Scopus subject areas

  • Computer Science (all)

Cite this

Nunes, E., Shakarian, P., Simari, G. I., & Ruef, A. (2018). Baseline cyber attribution models. In SpringerBriefs in Computer Science (9783319737874 ed., pp. 5-16). (SpringerBriefs in Computer Science; No. 9783319737874). Springer. https://doi.org/10.1007/978-3-319-73788-1_2

Research output: Chapter in Book/Report/Conference proceeding › Chapter

@inbook{8400451e5e89410db453d191cb24a25d,
title = "Baseline cyber attribution models",
abstract = "Attributing the culprit of a cyberattack is widely considered one of the major technical and policy challenges of cybersecurity. While the lack of ground truth for an individual responsible for a given attack has limited previous studies, here we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground truth is known. In this chapter, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified attacks. We also explore several heuristics to alleviate some of the misclassification caused by deception.",
author = "Eric Nunes and Paulo Shakarian and Simari, {Gerardo I.} and Andrew Ruef",
year = "2018",
month = "1",
day = "1",
doi = "10.1007/978-3-319-73788-1_2",
language = "English (US)",
series = "SpringerBriefs in Computer Science",
publisher = "Springer",
number = "9783319737874",
pages = "5--16",
booktitle = "SpringerBriefs in Computer Science",
edition = "9783319737874",

}

TY - CHAP

T1 - Baseline cyber attribution models

AU - Nunes, Eric

AU - Shakarian, Paulo

AU - Simari, Gerardo I.

AU - Ruef, Andrew

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Attributing the culprit of a cyberattack is widely considered one of the major technical and policy challenges of cybersecurity. While the lack of ground truth for an individual responsible for a given attack has limited previous studies, here we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground truth is known. In this chapter, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified attacks. We also explore several heuristics to alleviate some of the misclassification caused by deception.

UR - http://www.scopus.com/inward/record.url?scp=85044937549&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85044937549&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-73788-1_2

DO - 10.1007/978-3-319-73788-1_2

M3 - Chapter

T3 - SpringerBriefs in Computer Science

SP - 5

EP - 16

BT - SpringerBriefs in Computer Science

PB - Springer

ER -