The University of Southampton
University of Southampton Institutional Repository

An argumentation-based reasoner to assist digital investigation and attribution of cyber-attacks


Karafili, Erisa, Wang, Linna and Lupu, Emil (2020) An argumentation-based reasoner to assist digital investigation and attribution of cyber-attacks. Forensic Science International: Digital Investigation, 32 (S), [300925]. (doi:10.1016/j.fsidi.2020.300925).

Record type: Article

Abstract

We expect an increase in the frequency and severity of cyber-attacks, which comes along with the need for efficient security countermeasures. The process of attributing a cyber-attack helps to construct efficient and targeted mitigating and preventive security measures. In this work, we propose an argumentation-based reasoner (ABR) as a proof-of-concept tool that can help a forensics analyst during the analysis of forensic evidence and the attribution process. Given the evidence collected from a cyber-attack, our reasoner can assist the analyst during the investigation process by helping him/her to analyze the evidence and identify who performed the attack. Furthermore, it suggests to the analyst where to focus further analyses by giving hints about missing evidence or new investigation paths to follow. ABR is the first automatic reasoner that can combine both technical and social evidence in the analysis of a cyber-attack, and that can also cope with incomplete and conflicting information. To illustrate how ABR can assist in the analysis and attribution of cyber-attacks, we have used examples of cyber-attacks and their analyses as reported in publicly available reports and online literature. We do not mean to either agree or disagree with the analyses presented therein or to reach attribution conclusions.

Text: KarafiliWL2020 - Accepted Manuscript (196kB)

More information

Accepted/In Press date: 24 March 2020
e-pub ahead of print date: 29 May 2020
Published date: 2020
Keywords: Argumentation reasoning, Attribution, Cyber-attacks, Digital investigation

Identifiers

Local EPrints ID: 438962
URI: http://eprints.soton.ac.uk/id/eprint/438962
ISSN: 2666-2817
PURE UUID: 1ee20088-88c3-4fa6-a1a6-164c26673363
ORCID for Erisa Karafili: orcid.org/0000-0002-8250-4389

Catalogue record

Date deposited: 30 Mar 2020 16:30
Last modified: 17 Mar 2024 05:26

Contributors

Author: Erisa Karafili
Author: Linna Wang
Author: Emil Lupu
