Cyber-deception and attribution in capture-the-flag exercises
| Title | Cyber-deception and attribution in capture-the-flag exercises |
| Publication Type | Conference Paper |
| Year of Publication | 2015 |
| Authors | Nunes, E., Kulkarni, N., Shakarian, P., Ruef, A., Little, J. |
| Conference Name | 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM) |
| Date Published | aug |
| Keywords | capture-the-flag exercises, classification techniques, Computer crime, culprit attribution, cyber-attack, cyber-deception, cyber-security, Decision trees, DEFCON capture-the-flag exercise data, DEFCON CTF exercise data, Logistics, pattern classification, Payloads, pubcrawl170109, security of data, Social network services, Support vector machines, Training |
| Abstract | Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is known. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception. |
| URL | https://dl.acm.org/citation.cfm?doid=2808797.2809362 |
| DOI | 10.1145/2808797.2809362 |
| Citation Key | nunes_cyber-deception_2015 |
- DEFCON CTF exercise data
- Training
- Support vector machines
- Social network services
- security of data
- pubcrawl170109
- Payloads
- pattern classification
- Logistics
- capture-the-flag exercises
- DEFCON capture-the-flag exercise data
- Decision trees
- Cyber-security
- cyber-deception
- cyber-attack
- culprit attribution
- Computer crime
- classification techniques