Affiliation:
1. School of Computing, University of Portsmouth, Portsmouth, Hampshire, UK
Abstract
Attack attribution in cyber-attacks tends to be a qualitative exercise with substantial room for error. Graph theory is already a proven tool for modeling any connected system. Utilizing graph theory can provide a quantitative, mathematically rigorous methodology for attack attribution. By identifying homomorphic subgraphs as points of comparison, one can create a fingerprint of an attack. That would allow one to match that fingerprint to new attacks and determine if the same threat actor conducted the attack. This current study provides a mathematical method to create network intrusion fingerprints by applying graph theory homomorphisms. This provides a rigorous method for attack attribution. A case study is used to test this methodology and determine its efficacy in identifying attacks perpetrated by the same threat actor and/or using the same threat vector.
Publisher
World Scientific and Engineering Academy and Society (WSEAS)
Subject
Computer Science Applications, Information Systems
Cited by
1 article.