Abstract

A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cyber-security. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we overcome this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack to an attacker. We build argumentation-based models from latent variables computed from the dataset to reduce the search space of culprits (attackers) that an analyst can use to identify the attacker. We show that reducing the search space in this manner significantly improves the performance of classification-based approaches to cyber-attribution.

Original language: English (US)
Title of host publication: WS-16-01
Subtitle of host publication: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence
Publisher: AI Access Foundation
Pages: 177-184
Number of pages: 8
Volume: WS-16-01 - WS-16-15
ISBN (Electronic): 9781577357599
State: Published - 2016
Event: 30th AAAI Conference on Artificial Intelligence, AAAI 2016 - Phoenix, United States
Duration: Feb 12 2016 to Feb 17 2016

Other

Other: 30th AAAI Conference on Artificial Intelligence, AAAI 2016
Country: United States
City: Phoenix
Period: 2/12/16 to 2/17/16

ASJC Scopus subject areas

  • Engineering(all)

Fingerprint Dive into the research topics of 'Toward argumentation-based cyber attribution'. Together they form a unique fingerprint.
