Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is know. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.
CITATION STYLE
Nunes, E., Kulkarni, N., Shakarian, P., Ruef, A., & Little, J. (2016). Cyber-deception and attribution in capture-the-flag exercises. In Cyber Deception: Building the Scientific Foundation (pp. 149–165). Springer International Publishing. https://doi.org/10.1007/978-3-319-32699-3_7
Mendeley helps you to discover research relevant for your work.