Cyber attribution: An argumentation-based approach

Paulo Shakarian; Gerardo I. Simari; Geoffrey Moores; Simon Parsons

doi:10.1007/978-3-319-14039-1_8

Cyber attribution: An argumentation-based approach

Paulo Shakarian, Gerardo I. Simari, Geoffrey Moores, Simon Parsons

Research output: Contribution to journal › Article › peer-review

18 Scopus citations

Abstract

Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.

Original language	English (US)
Pages (from-to)	151-171
Number of pages	21
Journal	Advances in Information Security
Volume	56
DOIs	https://doi.org/10.1007/978-3-319-14039-1_8
State	Published - 2015

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications

Access to Document

10.1007/978-3-319-14039-1_8

Cite this

@article{babab4a7cb364d13a3d1c2c02a3df6f0,

title = "Cyber attribution: An argumentation-based approach",

abstract = "Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.",

author = "Paulo Shakarian and Simari, {Gerardo I.} and Geoffrey Moores and Simon Parsons",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.",

year = "2015",

doi = "10.1007/978-3-319-14039-1_8",

language = "English (US)",

volume = "56",

pages = "151--171",

journal = "Advances in Information Security",

issn = "1568-2633",

publisher = "Springer Science + Business Media",

}

TY - JOUR

T1 - Cyber attribution

T2 - An argumentation-based approach

AU - Shakarian, Paulo

AU - Simari, Gerardo I.

AU - Moores, Geoffrey

AU - Parsons, Simon

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.

AB - Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.

UR - http://www.scopus.com/inward/record.url?scp=84927932964&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84927932964&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-14039-1_8

DO - 10.1007/978-3-319-14039-1_8

M3 - Article

AN - SCOPUS:84927932964

SN - 1568-2633

VL - 56

SP - 151

EP - 171

JO - Advances in Information Security

JF - Advances in Information Security

ER -

Cyber attribution: An argumentation-based approach

Abstract

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this