8 Scopus citations

Abstract

Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground truth is known. In this work, we use various classification techniques to identify the culprit in a cyber-attack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.

Original language: English (US)
Title of host publication: Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
Publisher: Association for Computing Machinery, Inc
Pages: 962-965
Number of pages: 4
ISBN (Print): 9781450338547
DOI: https://doi.org/10.1145/2808797.2809362
State: Published - Aug 25 2015
Event: IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 - Paris, France
Duration: Aug 25 2015 to Aug 28 2015

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Networks and Communications

Cite this

Nunes, E., Kulkarni, N., Shakarian, P., Ruef, A., & Little, J. (2015). Cyber-deception and attribution in capture-the-flag exercises. In Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 (pp. 962-965). Association for Computing Machinery, Inc. https://doi.org/10.1145/2808797.2809362