Toward argumentation-based cyber attribution

Eric Nunes; Paulo Shakarian; Gerardo I. Simari

Toward argumentation-based cyber attribution

Eric Nunes, Paulo Shakarian, Gerardo I. Simari

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cyber-security. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we overcome this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack to an attacker. We build argumentation-based models from latent variables computed from the dataset to reduce the search space of culprits (attackers) that an analyst can use to identify the attacker. We show that reducing the search space in this manner significantly improves the performance of classification-based approaches to cyber-attribution.

Original language	English (US)
Title of host publication	WS-16-01
Subtitle of host publication	Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence
Publisher	AI Access Foundation
Pages	177-184
Number of pages	8
Volume	WS-16-01 - WS-16-15
ISBN (Electronic)	9781577357599
State	Published - 2016
Event	30th AAAI Conference on Artificial Intelligence, AAAI 2016 - Phoenix, United States Duration: Feb 12 2016 → Feb 17 2016

Other

Other	30th AAAI Conference on Artificial Intelligence, AAAI 2016
Country/Territory	United States
City	Phoenix
Period	2/12/16 → 2/17/16

ASJC Scopus subject areas

General Engineering

Cite this

Nunes, E., Shakarian, P., & Simari, G. I. (2016). Toward argumentation-based cyber attribution. In WS-16-01: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence (Vol. WS-16-01 - WS-16-15, pp. 177-184). AI Access Foundation.

Toward argumentation-based cyber attribution. / Nunes, Eric; Shakarian, Paulo; Simari, Gerardo I.
WS-16-01: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence. Vol. WS-16-01 - WS-16-15 AI Access Foundation, 2016. p. 177-184.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nunes, E, Shakarian, P & Simari, GI 2016, Toward argumentation-based cyber attribution. in WS-16-01: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence. vol. WS-16-01 - WS-16-15, AI Access Foundation, pp. 177-184, 30th AAAI Conference on Artificial Intelligence, AAAI 2016, Phoenix, United States, 2/12/16.

Nunes E, Shakarian P, Simari GI. Toward argumentation-based cyber attribution. In WS-16-01: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence. Vol. WS-16-01 - WS-16-15. AI Access Foundation. 2016. p. 177-184

Nunes, Eric ; Shakarian, Paulo ; Simari, Gerardo I. / Toward argumentation-based cyber attribution. WS-16-01: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence. Vol. WS-16-01 - WS-16-15 AI Access Foundation, 2016. pp. 177-184

@inproceedings{59062feecfee41428571b5697f1545d8,

title = "Toward argumentation-based cyber attribution",

abstract = "A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cyber-security. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we overcome this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack to an attacker. We build argumentation-based models from latent variables computed from the dataset to reduce the search space of culprits (attackers) that an analyst can use to identify the attacker. We show that reducing the search space in this manner significantly improves the performance of classification-based approaches to cyber-attribution.",

author = "Eric Nunes and Paulo Shakarian and Simari, {Gerardo I.}",

year = "2016",

language = "English (US)",

volume = "WS-16-01 - WS-16-15",

pages = "177--184",

booktitle = "WS-16-01",

publisher = "AI Access Foundation",

note = "30th AAAI Conference on Artificial Intelligence, AAAI 2016 ; Conference date: 12-02-2016 Through 17-02-2016",

}

TY - GEN

T1 - Toward argumentation-based cyber attribution

AU - Nunes, Eric

AU - Shakarian, Paulo

AU - Simari, Gerardo I.

PY - 2016

Y1 - 2016

N2 - A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cyber-security. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we overcome this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack to an attacker. We build argumentation-based models from latent variables computed from the dataset to reduce the search space of culprits (attackers) that an analyst can use to identify the attacker. We show that reducing the search space in this manner significantly improves the performance of classification-based approaches to cyber-attribution.

AB - A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cyber-security. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we overcome this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack to an attacker. We build argumentation-based models from latent variables computed from the dataset to reduce the search space of culprits (attackers) that an analyst can use to identify the attacker. We show that reducing the search space in this manner significantly improves the performance of classification-based approaches to cyber-attribution.

UR - http://www.scopus.com/inward/record.url?scp=85008609471&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85008609471&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85008609471

VL - WS-16-01 - WS-16-15

SP - 177

EP - 184

BT - WS-16-01

PB - AI Access Foundation

T2 - 30th AAAI Conference on Artificial Intelligence, AAAI 2016

Y2 - 12 February 2016 through 17 February 2016

ER -

Toward argumentation-based cyber attribution

Abstract

Other

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this