Using Attack Pattern for Cyber Attack Attribution
Title | Using Attack Pattern for Cyber Attack Attribution |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Avellaneda, Florent, Alikacem, El-Hackemi, Jaafar, Femi |
Conference Name | 2019 International Conference on Cybersecurity (ICoCSec) |
Date Published | Sept. 2019 |
Publisher | IEEE |
ISBN Number | 978-1-7281-5657-6 |
Keywords | attack pattern, attack scenario, attribution, composability, computer network security, cyber attack, cyber attack initiator identification, Cyber Attribution, cyber attribution problem, data availability, data confidentiality, data integrity, Human Behavior, individual organization, information system, Metrics, pubcrawl |
Abstract | A cyber attack is a malicious and deliberate attempt by an individual or organization to breach the integrity, confidentiality, and/or availability of data or services of an information system of another individual or organization. Being able to attribute a cyber attack is a crucial question for security, but this question is also known to be a difficult problem. The main reason why there is currently no solution that automatically identifies the initiator of an attack is that attackers usually use proxies, i.e. an intermediate node that relays a host over the network. In this paper, we propose to formalize the problem of identifying the initiator of a cyber attack. We show that if the attack scenario used by the attacker is known, then we are able to resolve the cyber attribution problem. Indeed, we propose a model to formalize these attack scenarios, that we call attack patterns, and give an efficient algorithm to search for attack patterns on a communication history. Finally, we experimentally show the relevance of our approach. |
URL | https://ieeexplore.ieee.org/document/8970906/ |
DOI | 10.1109/ICoCSec47621.2019.8970906 |
Citation Key | avellaneda_using_2019 |