Attributing the culprit of a cyberattack is widely considered one of the major technical and policy challenges of cybersecurity. While the lack of ground truth for an individual responsible for a given attack has limited previous studies, here we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground truth is known. In this chapter, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified attacks. We also explore several heuristics to alleviate some of the misclassification caused by deception.

Original languageEnglish (US)
Title of host publicationSpringerBriefs in Computer Science
Number of pages12
StatePublished - Jan 1 2018

Publication series

NameSpringerBriefs in Computer Science
ISSN (Print)2191-5768
ISSN (Electronic)2191-5776

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Nunes, E., Shakarian, P., Simari, G. I., & Ruef, A. (2018). Baseline cyber attribution models. In SpringerBriefs in Computer Science (9783319737874 ed., pp. 5-16). (SpringerBriefs in Computer Science; No. 9783319737874). Springer. https://doi.org/10.1007/978-3-319-73788-1_2