Cyber-deception and attribution in capture-the-flag exercises

Eric Nunes; Nimish Kulkarni; Paulo Shakarian; Andrew Ruef; Jay Little

doi:10.1145/2808797.2809362

Cyber-deception and attribution in capture-the-flag exercises

Eric Nunes, Nimish Kulkarni, Paulo Shakarian, Andrew Ruef, Jay Little

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Scopus citations

Abstract

Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is known. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.

Original language	English (US)
Title of host publication	Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
Editors	Jian Pei, Jie Tang, Fabrizio Silvestri
Publisher	Association for Computing Machinery, Inc
Pages	962-965
Number of pages	4
ISBN (Electronic)	9781450338547
DOIs	https://doi.org/10.1145/2808797.2809362
State	Published - Aug 25 2015
Event	IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 - Paris, France Duration: Aug 25 2015 → Aug 28 2015

Publication series

Name	Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015

Other

Other	IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
Country/Territory	France
City	Paris
Period	8/25/15 → 8/28/15

ASJC Scopus subject areas

Computer Science Applications
Computer Networks and Communications

Access to Document

10.1145/2808797.2809362

Cite this

Nunes, E., Kulkarni, N., Shakarian, P., Ruef, A., & Little, J. (2015). Cyber-deception and attribution in capture-the-flag exercises. In J. Pei, J. Tang, & F. Silvestri (Eds.), Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 (pp. 962-965). (Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015). Association for Computing Machinery, Inc. https://doi.org/10.1145/2808797.2809362

Cyber-deception and attribution in capture-the-flag exercises. / Nunes, Eric; Kulkarni, Nimish; Shakarian, Paulo et al.
Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015. ed. / Jian Pei; Jie Tang; Fabrizio Silvestri. Association for Computing Machinery, Inc, 2015. p. 962-965 (Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nunes, E, Kulkarni, N, Shakarian, P, Ruef, A & Little, J 2015, Cyber-deception and attribution in capture-the-flag exercises. in J Pei, J Tang & F Silvestri (eds), Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015. Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015, Association for Computing Machinery, Inc, pp. 962-965, IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015, Paris, France, 8/25/15. https://doi.org/10.1145/2808797.2809362

Nunes E, Kulkarni N, Shakarian P, Ruef A, Little J. Cyber-deception and attribution in capture-the-flag exercises. In Pei J, Tang J, Silvestri F, editors, Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015. Association for Computing Machinery, Inc. 2015. p. 962-965. (Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015). doi: 10.1145/2808797.2809362

Nunes, Eric ; Kulkarni, Nimish ; Shakarian, Paulo et al. / Cyber-deception and attribution in capture-the-flag exercises. Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015. editor / Jian Pei ; Jie Tang ; Fabrizio Silvestri. Association for Computing Machinery, Inc, 2015. pp. 962-965 (Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015).

@inproceedings{205c354522b64b5c88748c24b3f97110,

title = "Cyber-deception and attribution in capture-the-flag exercises",

abstract = "Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is known. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.",

author = "Eric Nunes and Nimish Kulkarni and Paulo Shakarian and Andrew Ruef and Jay Little",

note = "Copyright: Copyright 2016 Elsevier B.V., All rights reserved.; IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 ; Conference date: 25-08-2015 Through 28-08-2015",

year = "2015",

month = aug,

day = "25",

doi = "10.1145/2808797.2809362",

language = "English (US)",

series = "Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015",

publisher = "Association for Computing Machinery, Inc",

pages = "962--965",

editor = "Jian Pei and Jie Tang and Fabrizio Silvestri",

booktitle = "Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015",

}

TY - GEN

T1 - Cyber-deception and attribution in capture-the-flag exercises

AU - Nunes, Eric

AU - Kulkarni, Nimish

AU - Shakarian, Paulo

AU - Ruef, Andrew

AU - Little, Jay

PY - 2015/8/25

Y1 - 2015/8/25

N2 - Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is known. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.

AB - Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is known. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.

UR - http://www.scopus.com/inward/record.url?scp=84962503663&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84962503663&partnerID=8YFLogxK

U2 - 10.1145/2808797.2809362

DO - 10.1145/2808797.2809362

M3 - Conference contribution

AN - SCOPUS:84962503663

T3 - Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015

SP - 962

EP - 965

BT - Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015

A2 - Pei, Jian

A2 - Tang, Jie

A2 - Silvestri, Fabrizio

PB - Association for Computing Machinery, Inc

T2 - IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015

Y2 - 25 August 2015 through 28 August 2015

ER -

Cyber-deception and attribution in capture-the-flag exercises

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this