Cyber attribution: An argumentation-based approach

Paulo Shakarian, Gerardo I. Simari, Geoffrey Moores, Simon Parsons

Research output: Contribution to journal › Article

11 Citations (Scopus)

Abstract

Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.

Original language: English (US)
Pages (from-to): 151-171
Number of pages: 21
Journal: Advances in Information Security
Volume: 56
DOI: 10.1007/978-3-319-14039-1_8
State: Published - 2015
Externally published: Yes

Fingerprint

Logic programming
Reverse engineering
Statistical Models
Malware

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Cite this

Cyber attribution: An argumentation-based approach / Shakarian, Paulo; Simari, Gerardo I.; Moores, Geoffrey; Parsons, Simon. In: Advances in Information Security, Vol. 56, 2015, p. 151-171.

@article{babab4a7cb364d13a3d1c2c02a3df6f0,
title = "Cyber attribution: An argumentation-based approach",
author = "Paulo Shakarian and Simari, {Gerardo I.} and Geoffrey Moores and Simon Parsons",
year = "2015",
doi = "10.1007/978-3-319-14039-1_8",
language = "English (US)",
volume = "56",
pages = "151--171",
journal = "Advances in Information Security",
issn = "1568-2633",
publisher = "Springer Science + Business Media",

}

TY - JOUR

T1 - Cyber attribution

T2 - An argumentation-based approach

AU - Shakarian, Paulo

AU - Simari, Gerardo I.

AU - Moores, Geoffrey

AU - Parsons, Simon

PY - 2015

Y1 - 2015

UR - http://www.scopus.com/inward/record.url?scp=84927932964&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84927932964&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-14039-1_8

DO - 10.1007/978-3-319-14039-1_8

M3 - Article

AN - SCOPUS:84927932964

VL - 56

SP - 151

EP - 171

JO - Advances in Information Security

JF - Advances in Information Security

SN - 1568-2633

ER -