Abstract
Discovering who performed a cyber-attack or from where it originated is essential in order to determine an appropriate response and future risk mitigation measures. In this work, we propose a novel argumentation-based reasoner for analyzing and attributing cyber-attacks that combines both technical and social evidence. Our reasoner helps the digital forensics analyst during the analysis of the forensic evidence by providing to the analyst the possible culprits of the attack, new derived evidence, hints about missing evidence, and insights about other paths of investigation. The proposed reasoner is flexible, deals with conflicting and incomplete evidence, and was tested on real cyber-attacks cases.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
T represents the argument rules, while P represents the preference rules.
- 2.
The rule’s name represents the layer of the rule, i.e., the rules’ names of the technical, operational, and strategic layer start correspondingly with t, o, and s.
References
Carrier, B.: Defining digital forensic examination and analysis tools using abstraction layers. Int. J. Digit. Evid. 1(4), 1–12 (2003)
da Cruz Nassif, L.F., Hruschka, E.R.: Document clustering for forensic analysis: an approach for improving computer inspection. IEEE Trans. Inf. Forensic Secur. 8(1), 46–54 (2013)
DCMS: Cyber security breaches survey 2018 (2018). https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018
Goutam, R.K.: The problem of attribution in cyber security. Int. J. Comput. Appl. Found. Comput. Sci. 131(7), 34–36 (2015)
Kakas, A., Moraitis, P.: Argumentation based decision making for autonomous agents. In: AAMAS 2003, pp. 883–890 (2003)
Kakas, A.C., Mancarella, P., Dung, P.M.: The acceptability semantics for logic programs. In: International Conference on Logic Programming, pp. 504–519 (1994)
Karafili, E., Cristani, M., Viganò, L.: A formal approach to analyzing cyber-forensics evidence. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11098, pp. 281–301. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99073-6_14
Karafili, E., Kakas, A.C., Spanoudakis, N.I., Lupu, E.C.: Argumentation-based Security for Social Good. In: AAAI Fall Symposium Series (2017)
Kent, K., Chevalier, S., Grance, T., Dang, H.: SP 800–86. Guide to Integrating Forensic Techniques into Incident Response. Technical report, NIST (2006)
Newman, L.H.: The Biggest Cybersecurity Disasters of 2017 So Far (2017). https://www.wired.com/story/2017-biggest-hacks-so-far/
Nunes, E., Shakarian, P., Simari, G.I.: Toward argumentation-based cyber attribution. In: AAAI Workshops (2016)
Prakken, H., Sartor, G.: Argument-based extended logic programming with defeasible priorities. J. Appl. Non-Class. Log. 7(1), 25–75 (1997)
Rid, T., Buchanan, B.: Attributing cyber attacks. J. Strat. Stud. 38(1–2), 4–37 (2015)
Shakarian, P., Simari, G.I., Moores, G., Parsons, S.: Cyber attribution: an argumentation-based approach. In: Jajodia, S., Shakarian, P., Subrahmanian, V.S., Swarup, V., Wang, C. (eds.) Cyber Warfare. AIS, vol. 56, pp. 151–171. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-14039-1_8
Acknowledgments
Erisa Karafili was supported by the European Union’s H2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 746667.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Karafili, E., Wang, L., Kakas, A.C., Lupu, E. (2018). Helping Forensic Analysts to Attribute Cyber-Attacks: An Argumentation-Based Reasoner. In: Miller, T., Oren, N., Sakurai, Y., Noda, I., Savarimuthu, B.T.R., Cao Son, T. (eds) PRIMA 2018: Principles and Practice of Multi-Agent Systems. PRIMA 2018. Lecture Notes in Computer Science(), vol 11224. Springer, Cham. https://doi.org/10.1007/978-3-030-03098-8_36
Download citation
DOI: https://doi.org/10.1007/978-3-030-03098-8_36
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03097-1
Online ISBN: 978-3-030-03098-8
eBook Packages: Computer ScienceComputer Science (R0)