Cyber-deception and attribution in capture-the-flag exercises

Eric Nunes, Nimish Kulkarni, Paulo Shakarian, Andrew Ruef, Jay Little

Research output: Chapter in Book/Report/Conference proceedingChapter

8 Scopus citations


Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is know. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.

Original languageEnglish (US)
Title of host publicationCyber Deception
Subtitle of host publicationBuilding the Scientific Foundation
PublisherSpringer International Publishing
Number of pages17
ISBN (Electronic)9783319326993
ISBN (Print)9783319326979
StatePublished - Jan 1 2016

ASJC Scopus subject areas

  • Computer Science(all)


Dive into the research topics of 'Cyber-deception and attribution in capture-the-flag exercises'. Together they form a unique fingerprint.

Cite this