Skip to main content
SpringerLink
Log in

Helping Forensic Analysts to Attribute Cyber-Attacks: An Argumentation-Based Reasoner

  • Conference paper
  • First Online:
PRIMA 2018: Principles and Practice of Multi-Agent Systems (PRIMA 2018)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 11224))

Abstract

Discovering who performed a cyber-attack or from where it originated is essential in order to determine an appropriate response and future risk mitigation measures. In this work, we propose a novel argumentation-based reasoner for analyzing and attributing cyber-attacks that combines both technical and social evidence. Our reasoner helps the digital forensics analyst during the analysis of the forensic evidence by providing to the analyst the possible culprits of the attack, new derived evidence, hints about missing evidence, and insights about other paths of investigation. The proposed reasoner is flexible, deals with conflicting and incomplete evidence, and was tested on real cyber-attacks cases.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    T represents the argument rules, while P represents the preference rules.

  2. 2.

    The rule’s name represents the layer of the rule, i.e., the rules’ names of the technical, operational, and strategic layer start correspondingly with t, o, and s.

References

  1. Carrier, B.: Defining digital forensic examination and analysis tools using abstraction layers. Int. J. Digit. Evid. 1(4), 1–12 (2003)

    Google Scholar 

  2. da Cruz Nassif, L.F., Hruschka, E.R.: Document clustering for forensic analysis: an approach for improving computer inspection. IEEE Trans. Inf. Forensic Secur. 8(1), 46–54 (2013)

    Article  Google Scholar 

  3. DCMS: Cyber security breaches survey 2018 (2018). https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018

  4. Goutam, R.K.: The problem of attribution in cyber security. Int. J. Comput. Appl. Found. Comput. Sci. 131(7), 34–36 (2015)

    Google Scholar 

  5. Kakas, A., Moraitis, P.: Argumentation based decision making for autonomous agents. In: AAMAS 2003, pp. 883–890 (2003)

    Google Scholar 

  6. Kakas, A.C., Mancarella, P., Dung, P.M.: The acceptability semantics for logic programs. In: International Conference on Logic Programming, pp. 504–519 (1994)

    Google Scholar 

  7. Karafili, E., Cristani, M., Viganò, L.: A formal approach to analyzing cyber-forensics evidence. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11098, pp. 281–301. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99073-6_14

    Chapter  Google Scholar 

  8. Karafili, E., Kakas, A.C., Spanoudakis, N.I., Lupu, E.C.: Argumentation-based Security for Social Good. In: AAAI Fall Symposium Series (2017)

    Google Scholar 

  9. Kent, K., Chevalier, S., Grance, T., Dang, H.: SP 800–86. Guide to Integrating Forensic Techniques into Incident Response. Technical report, NIST (2006)

    Google Scholar 

  10. Newman, L.H.: The Biggest Cybersecurity Disasters of 2017 So Far (2017). https://www.wired.com/story/2017-biggest-hacks-so-far/

  11. Nunes, E., Shakarian, P., Simari, G.I.: Toward argumentation-based cyber attribution. In: AAAI Workshops (2016)

    Google Scholar 

  12. Prakken, H., Sartor, G.: Argument-based extended logic programming with defeasible priorities. J. Appl. Non-Class. Log. 7(1), 25–75 (1997)

    Article  MathSciNet  Google Scholar 

  13. Rid, T., Buchanan, B.: Attributing cyber attacks. J. Strat. Stud. 38(1–2), 4–37 (2015)

    Article  Google Scholar 

  14. Shakarian, P., Simari, G.I., Moores, G., Parsons, S.: Cyber attribution: an argumentation-based approach. In: Jajodia, S., Shakarian, P., Subrahmanian, V.S., Swarup, V., Wang, C. (eds.) Cyber Warfare. AIS, vol. 56, pp. 151–171. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-14039-1_8

    Chapter  Google Scholar 

Download references

Acknowledgments

Erisa Karafili was supported by the European Union’s H2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 746667.

Author information

Authors and Affiliations

  1. Department of Computing, Imperial College London, London, UK

    Erisa Karafili, Linna Wang & Emil Lupu

  2. Department of Computer Science, University of Cyprus, Nicosia, Cyprus

    Antonis C. Kakas

Authors
  1. Erisa Karafili
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Linna Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Antonis C. Kakas
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Emil Lupu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Erisa Karafili .

Editor information

Editors and Affiliations

  1. School of Computing and Information Systems, University of Melbourne, Melbourne, Australia

    Tim Miller

  2. Department of Computer Science, University of Aberdeen, Aberdeen, UK

    Nir Oren

  3. Artificial Intelligence Research Center (AIRC), National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Japan

    Yuko Sakurai

  4. Artificial Intelligence Research Center (AIRC), National Institute of Advanced Industrial Science and Technology (AIST), Tsukuba, Japan

    Itsuki Noda

  5. University of Otago, Dunedin, New Zealand

    Bastin Tony Roy Savarimuthu

  6. Computer Science Department, New Mexico State University, Las Cruces, USA

    Tran Cao Son

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Karafili, E., Wang, L., Kakas, A.C., Lupu, E. (2018). Helping Forensic Analysts to Attribute Cyber-Attacks: An Argumentation-Based Reasoner. In: Miller, T., Oren, N., Sakurai, Y., Noda, I., Savarimuthu, B.T.R., Cao Son, T. (eds) PRIMA 2018: Principles and Practice of Multi-Agent Systems. PRIMA 2018. Lecture Notes in Computer Science(), vol 11224. Springer, Cham. https://doi.org/10.1007/978-3-030-03098-8_36

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-03098-8_36

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03097-1

  • Online ISBN: 978-3-030-03098-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation