Cyber attribution: An argumentation-based approach

Paulo Shakarian, Gerardo I. Simari, Geoffrey Moores, Simon Parsons

Research output: Contribution to journalArticle

12 Scopus citations

Abstract

Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.

Original languageEnglish (US)
Pages (from-to)151-171
Number of pages21
JournalAdvances in Information Security
Volume56
DOIs
StatePublished - Jan 1 2015

    Fingerprint

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications

Cite this