Cyber-deception and attribution in capture-the-flag exercises

Eric Nunes; Nimish Kulkarni; Paulo Shakarian; Andrew Ruef; Jay Little

doi:10.1007/978-3-319-32699-3_7

Cyber-deception and attribution in capture-the-flag exercises

Eric Nunes, Nimish Kulkarni, Paulo Shakarian, Andrew Ruef, Jay Little

Research output: Chapter in Book/Report/Conference proceeding › Chapter

8 Scopus citations

Abstract

Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is know. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.

Original language	English (US)
Title of host publication	Cyber Deception
Subtitle of host publication	Building the Scientific Foundation
Publisher	Springer International Publishing
Pages	149-165
Number of pages	17
ISBN (Electronic)	9783319326993
ISBN (Print)	9783319326979
DOIs	https://doi.org/10.1007/978-3-319-32699-3_7
State	Published - Jan 1 2016

ASJC Scopus subject areas

Computer Science(all)

Access to Document

10.1007/978-3-319-32699-3_7

Cite this

@inbook{5051c24c236b44b78761560715b342e4,

title = "Cyber-deception and attribution in capture-the-flag exercises",

abstract = "Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is know. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.",

author = "Eric Nunes and Nimish Kulkarni and Paulo Shakarian and Andrew Ruef and Jay Little",

year = "2016",

month = jan,

day = "1",

doi = "10.1007/978-3-319-32699-3_7",

language = "English (US)",

isbn = "9783319326979",

pages = "149--165",

booktitle = "Cyber Deception",

publisher = "Springer International Publishing",

}

TY - CHAP

T1 - Cyber-deception and attribution in capture-the-flag exercises

AU - Nunes, Eric

AU - Kulkarni, Nimish

AU - Shakarian, Paulo

AU - Ruef, Andrew

AU - Little, Jay

PY - 2016/1/1

Y1 - 2016/1/1

N2 - Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is know. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.

AB - Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is know. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.

UR - http://www.scopus.com/inward/record.url?scp=85022078225&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85022078225&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-32699-3_7

DO - 10.1007/978-3-319-32699-3_7

M3 - Chapter

AN - SCOPUS:85022078225

SN - 9783319326979

SP - 149

EP - 165

BT - Cyber Deception

PB - Springer International Publishing

ER -

Cyber-deception and attribution in capture-the-flag exercises

Abstract

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this