Visible to the public Using Attack Pattern for Cyber Attack Attribution

TitleUsing Attack Pattern for Cyber Attack Attribution
Publication TypeConference Paper
Year of Publication2019
AuthorsAvellaneda, Florent, Alikacem, El-Hackemi, Jaafar, Femi
Conference Name2019 International Conference on Cybersecurity (ICoCSec)
Date PublishedSept. 2019
PublisherIEEE
ISBN Number978-1-7281-5657-6
Keywordsattack pattern, attack scenario, attribution, composability, computer network security, cyber attack, cyber attack initiator identification, Cyber Attribution, cyber attribution problem, data availability, data confidentiality, data integrity, Human Behavior, individual organization, information system, Metrics, pubcrawl
Abstract

A cyber attack is a malicious and deliberate attempt by an individual or organization to breach the integrity, confidentiality, and/or availability of data or services of an information system of another individual or organization. Being able to attribute a cyber attack is a crucial question for security but this question is also known to be a difficult problem. The main reason why there is currently no solution that automatically identifies the initiator of an attack is that attackers usually use proxies, i.e. an intermediate node that relays a host over the network. In this paper, we propose to formalize the problem of identifying the initiator of a cyber attack. We show that if the attack scenario used by the attacker is known, then we are able to resolve the cyber attribution problem. Indeed, we propose a model to formalize these attack scenarios, that we call attack patterns, and give an efficient algorithm to search for attack pattern on a communication history. Finally, we experimentally show the relevance of our approach.

URLhttps://ieeexplore.ieee.org/document/8970906/
DOI10.1109/ICoCSec47621.2019.8970906
Citation Keyavellaneda_using_2019