This SpringerBrief discusses how to develop intelligent systems for
cyber attribution regarding cyber-attacks. Specifically, the authors
review the multiple facets of the cyber attribution problem that make it
difficult for "out-of-the-box" artificial intelligence and machine
learning techniques to handle.
Attributing a cyber-operation through the use of multiple pieces of
technical evidence (i.e., malware reverse-engineering and source
tracking) and conventional intelligence sources (i.e., human or signals
intelligence) is a difficult problem not only due to the effort required
to obtain evidence, but the ease with which an adversary can plant false
evidence.
This SpringerBrief not only lays out the theoretical foundations for how
to handle the unique aspects of cyber attribution - and how to update
models used for this purpose - but it also describes a series of
empirical results, as well as compares results of specially-designed
frameworks for cyber attribution to standard machine learning
approaches.
Cyber attribution is not only a challenging problem, but there are also
problems in performing such research, particularly in obtaining relevant
data. This SpringerBrief describes how to use capture-the-flag for such
research, and describes issues from organizing such data to running your
own capture-the-flag specifically designed for cyber attribution.
Datasets and software are also available on the companion website.
