Cyber-Deception and Attribution in Capture-the-Flag Exercises
Eric Nunes, Nimish Kulkarni, Paulo Shakarian, Andrew Ruef, Jay Little

TL;DR
This paper uses DEFCON CTF data to study cyber-attack attribution, revealing deception as a major cause of misclassification and proposing heuristics to improve attribution accuracy.
Contribution
It introduces a ground-truth dataset from CTF exercises and analyzes deception's impact on attribution accuracy, offering new insights and mitigation strategies.
Findings
Deception causes most misclassifications in attribution.
Heuristics can reduce misclassification caused by deception.
Ground-truth data from CTFs enables better analysis of attribution challenges.
Abstract
Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is known. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Cybercrime and Law Enforcement Studies
