Abstract
Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.
Cite
CITATION STYLE
Shakarian, P., Simari, G. I., Moores, G., & Parsons, S. (2015). Cyber attribution: An argumentation-based approach. Advances in Information Security, 56, 151–171. https://doi.org/10.1007/978-3-319-14039-1_8
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
