TY - JOUR
T1 - Cyber attribution
T2 - An argumentation-based approach
AU - Shakarian, Paulo
AU - Simari, Gerardo I.
AU - Moores, Geoffrey
AU - Parsons, Simon
N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.
AB - Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.
UR - http://www.scopus.com/inward/record.url?scp=84927932964&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84927932964&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-14039-1_8
DO - 10.1007/978-3-319-14039-1_8
M3 - Article
AN - SCOPUS:84927932964
SN - 1568-2633
VL - 56
SP - 151
EP - 171
JO - Advances in Information Security
JF - Advances in Information Security
ER -