Abstract

Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is know. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.

Original languageEnglish (US)
Title of host publicationCyber Deception
Subtitle of host publicationBuilding the Scientific Foundation
PublisherSpringer International Publishing
Pages149-165
Number of pages17
ISBN (Electronic)9783319326993
ISBN (Print)9783319326979
DOIs
StatePublished - Jan 1 2016

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Nunes, E., Kulkarni, N., Shakarian, P., Ruef, A., & Little, J. (2016). Cyber-deception and attribution in capture-the-flag exercises. In Cyber Deception: Building the Scientific Foundation (pp. 149-165). Springer International Publishing. https://doi.org/10.1007/978-3-319-32699-3_7