Cyber Attribution: An Argumentation-Based Approach

Shakarian, Paulo; Simari, Gerardo I.; Moores, Geoffrey; Parsons, Simon

doi:10.1007/978-3-319-14039-1_8

Cited by 16 publications

(14 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rule D ′′ 1 cannot be applied. Rule D ′′ 2 is applied, as shown in (14)- (15), to the conflicting pieces of evidence where the reasonings' trust relations apply. Finally, L ′ 1 transforms all third layer formulas into second layer ones:…”

Section: A Detailed Case Study: Attribution Of a Cyber-attackmentioning

confidence: 99%

“…To the best of our knowledge, the only attempt at using belief revision during cyber-attacks' investigations is [15,16], where a probabilistic structure argumentation framework is used to analyze contradictory and uncertain data. Our procedure does not deal with probabilities, but with preferences between sources and reasoning rules.…”

Section: Related Work and Concluding Remarksmentioning

confidence: 99%

See 1 more Smart Citation

A Formal Approach to Analyzing Cyber-Forensics Evidence

2018

View full text Add to dashboard Cite

The frequency and harmfulness of cyber-attacks are increasing every day, and with them also the amount of data that the cyberforensics analysts need to collect and analyze. In this paper, we propose a formal analysis process that allows an analyst to filter the enormous amount of evidence collected and either identify crucial information about the attack (e.g., when it occurred, its culprit, its target) or, at the very least, perform a pre-analysis to reduce the complexity of the problem in order to then draw conclusions more swiftly and efficiently. We introduce the Evidence Logic E L for representing simple and derived pieces of evidence from different sources. We propose a procedure, based on monotonic reasoning, that rewrites the pieces of evidence with the use of tableau rules, based on relations of trust between sources and the reasoning behind the derived evidence, and yields a consistent set of pieces of evidence. As proof of concept, we apply our analysis process to a concrete cyber-forensics case study.

show abstract

Section: A Detailed Case Study: Attribution Of a Cyber-attackmentioning

confidence: 99%

Section: Related Work and Concluding Remarksmentioning

confidence: 99%

A Formal Approach to Analyzing Cyber-Forensics Evidence

2018

View full text Add to dashboard Cite

show abstract

“…In a similar fashion, probabilistic argumentation frameworks can be divided into those that arise from extending abstract models [69,70,71] and others based on incorporating probabilities in structured frameworks-the earliest such works appeared almost two decades ago [72,73], followed by a period of inactivity and a recent resurgence of interest in the topic [74,9,75]. Clearly, our work is closest in spirit to the latter, since labels can be seen as a generalization of probability values associated with items in the knowledge base-the generalization is not, however, a complete subsumption since the algebra in this case would simply model a probabilistic space; the modeling of the corresponding probability distribution needs to reside elsewhere, as done in the works mentioned above.…”

Section: Fuzzy and Probabilistic Frameworkmentioning

confidence: 99%

“…In a general sense, argumentation can be defined as the study of the interaction among arguments for and against conclusions, with the purpose of determining which conclusions are acceptable in order to use such claims to resolve real-world problems. Argumentation tools are applied in many areas such as legal reasoning [1,2], intelligent web search [3,4], recommender systems [5,6], autonomous agents and multiagent systems [7,8], cyber-security [9], and many others [10,11,12].…”

Section: Introductionmentioning

confidence: 99%

An approach to characterize graded entailment of arguments through a label-based framework

Budn

Simari

Viglizzo

2017

International Journal of Approximate Reasoning

Self Cite

View full text Add to dashboard Cite

Argumentation theory is a powerful paradigm that formalizes a type of commonsense reasoning that aims to simulate the human ability to resolve a specific problem in an intelligent manner. A classical argumentation process takes into account only the properties related to the intrinsic logical soundness of an argument in order to determine its acceptability status. However, these properties are not always the only ones that matter to establish the argument's acceptability-there exist other qualities, such as strength, weight, social votes, trust degree, relevance level, and certainty degree, among others.In this work, we redefine the argumentative process to improve the analysis of arguments by considering their special features in order to obtain more refined results. Towards this end, we propose adding meta-level information to the arguments in the form of labels representing quantifiable data ranking over a range of fuzzy valuations. These labels are propagated through an argumentative graph according to the relations of support, conflict, and aggregation between arguments. Through this process we obtain final labels that are useful in determining argument acceptability.

show abstract

“…Shakarian et al [7] described a cyber attribution system [8], [9] that takes into consideration different data sources and uses MAS to reason about the origin of an attack through the use of agent reasoning. The system uses information gathered about the attack as well as information gathered from a wide range of military sources to reason in-depth about the attribution of an attack.…”

Section: Related Researchmentioning

confidence: 99%

Multi-agent Systems for Dynamic Forensic Investigation

Kendrick

Hussain

Criado

2016

Intelligent Computing Theories and Application

View full text Add to dashboard Cite

Abstract. In recent years Multi-Agent Systems have proven to be a useful paradigm for areas where inconsistency and uncertainty are the norm. Network security environments suffer from these problems and could benefit from a MultiAgent model for dynamic forensic investigations. Building upon previous solutions that lack the necessary levels of scalability and autonomy, we present a decentralised model for collecting and analysing network security data to attain higher levels of accuracy and efficiency. The main contributions of the paper are: (i) a Multi-Agent model for the dynamic organisation of agents participating in forensic investigations; (ii) an agent architecture endowed with mechanisms for collecting and analysing network data; (iii) a protocol for allowing agents to coordinate and make collective decisions on the maliciousness of suspicious activity; and (iv) a simulator tool to test the proposed decentralised model, agents and communication protocol under a wide range of circumstances and scenarios.

show abstract

Cyber Attribution: An Argumentation-Based Approach

Cited by 16 publications

References 18 publications

A Formal Approach to Analyzing Cyber-Forensics Evidence

A Formal Approach to Analyzing Cyber-Forensics Evidence

An approach to characterize graded entailment of arguments through a label-based framework

Multi-agent Systems for Dynamic Forensic Investigation

Contact Info

Product

Resources

About