Cyber Attribution: An Argumentation-Based Approach

Part of the book series: Advances in Information Security (ADIS, volume 56)

Abstract

Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem, not only because of the effort required to obtain evidence but also because of the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches its conclusions.

Notes

  1. http://www.symantec.com/connect/blogs/stuxnet-05-disrupting-uranium-processing-natanz

Acknowledgments

This work was supported by UK EPSRC grant EP/J008346/1—“PrOQAW”, ERC grant 246858—“DIADEM”, by NSF grant #1117761, by the National Security Agency under the Science of Security Lablet grant (SoSL), Army Research Office project 2GDATXR042, and DARPA project R.0004972.001.

Author information

Correspondence to Paulo Shakarian.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Shakarian, P., Simari, G., Moores, G., Parsons, S. (2015). Cyber Attribution: An Argumentation-Based Approach. In: Jajodia, S., Shakarian, P., Subrahmanian, V., Swarup, V., Wang, C. (eds) Cyber Warfare. Advances in Information Security, vol 56. Springer, Cham. https://doi.org/10.1007/978-3-319-14039-1_8

  • DOI: https://doi.org/10.1007/978-3-319-14039-1_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-14038-4

  • Online ISBN: 978-3-319-14039-1

  • eBook Packages: Computer Science, Computer Science (R0)
