Argumentation Models for Cyber Attribution
Eric Nunes, Paulo Shakarian, Gerardo I. Simari, Andrew Ruef

TL;DR
This paper introduces an argumentation model using DeLP to improve cyber-attack attribution by reducing search space and enhancing classification accuracy, based on a DEFCON capture-the-flag dataset.
Contribution
It presents a novel argumentation framework for cyber attribution that leverages formal reasoning and latent variables to improve attacker identification accuracy.
Findings
Reduced attacker search space significantly improves classification accuracy.
Classification performance increased from 37% to 62%.
First dataset from DEFCON capture-the-flag for this purpose.
Abstract
A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cyber-security. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we take a first step towards overcoming this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack. We build models from latent variables to reduce the search space of culprits (attackers), and show that this reduction significantly improves the performance of classification-based approaches from 37% to 62% in identifying the attacker.
Taxonomy
Topics: Hate Speech and Cyberbullying Detection · Information and Cyber Security · Network Security and Intrusion Detection
