An Argumentation Based Framework to Address the Attribution Problem in Cyber Warfare

PAULO SHAKARIAN; GERARDO I. SIMARI; GEOFFREY MOORES; SIMON PARSONS; MARCELO A. FALAPPA

Stanford

Conferencia; Cyber Security 2014; 2014

Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverseengineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the eort required to obtain evidence, but the ease with which an adversary can plant false evidence. In this paper, we introduce a formal reasoning system called the InCA (Intelligent Cyber Attribution) framework that is designed to aid an analyst in the attribution of a cyber-operation even when the available information is conflicting and/or uncertain. Our approach combines argumentation-based reasoning, logic programming, and probabilistic models to not only attribute an operation but also explain to the analyst why the system reaches itsconclusions.