Helping Forensic Analysts to Attribute Cyber-Attacks: An Argumentation-Based Reasoner


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2018-10-24

AUTHORS

Erisa Karafili , Linna Wang , Antonis C. Kakas , Emil Lupu

ABSTRACT

Discovering who performed a cyber-attack or from where it originated is essential in order to determine an appropriate response and future risk mitigation measures. In this work, we propose a novel argumentation-based reasoner for analyzing and attributing cyber-attacks that combines both technical and social evidence. Our reasoner helps the digital forensics analyst during the analysis of the forensic evidence by providing to the analyst the possible culprits of the attack, new derived evidence, hints about missing evidence, and insights about other paths of investigation. The proposed reasoner is flexible, deals with conflicting and incomplete evidence, and was tested on real cyber-attacks cases.

PAGES

510-518

Book

TITLE

PRIMA 2018: Principles and Practice of Multi-Agent Systems

ISBN

978-3-030-03097-1
978-3-030-03098-8

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-03098-8_36

DOI

http://dx.doi.org/10.1007/978-3-030-03098-8_36

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1107803668



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information Systems", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Department of Computing, Imperial College London, London, UK", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Department of Computing, Imperial College London, London, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Karafili", 
        "givenName": "Erisa", 
        "id": "sg:person.012361707104.86", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012361707104.86"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computing, Imperial College London, London, UK", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Department of Computing, Imperial College London, London, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Wang", 
        "givenName": "Linna", 
        "id": "sg:person.010217324040.66", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010217324040.66"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computer Science, University of Cyprus, Nicosia, Cyprus", 
          "id": "http://www.grid.ac/institutes/grid.6603.3", 
          "name": [
            "Department of Computer Science, University of Cyprus, Nicosia, Cyprus"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Kakas", 
        "givenName": "Antonis C.", 
        "id": "sg:person.015420665637.71", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015420665637.71"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computing, Imperial College London, London, UK", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Department of Computing, Imperial College London, London, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lupu", 
        "givenName": "Emil", 
        "id": "sg:person.013404167044.28", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404167044.28"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2018-10-24", 
    "datePublishedReg": "2018-10-24", 
    "description": "Discovering who performed a cyber-attack or from where it originated is essential in order to determine an appropriate response and future risk mitigation measures. In this work, we propose a novel argumentation-based reasoner for analyzing and attributing cyber-attacks that combines both technical and social evidence. Our reasoner helps the digital forensics analyst during the analysis of the forensic evidence by providing to the analyst the possible culprits of the attack, new derived evidence, hints about missing evidence, and insights about other paths of investigation. The proposed reasoner is flexible, deals with conflicting and incomplete evidence, and was tested on real cyber-attacks cases.", 
    "editor": [
      {
        "familyName": "Miller", 
        "givenName": "Tim", 
        "type": "Person"
      }, 
      {
        "familyName": "Oren", 
        "givenName": "Nir", 
        "type": "Person"
      }, 
      {
        "familyName": "Sakurai", 
        "givenName": "Yuko", 
        "type": "Person"
      }, 
      {
        "familyName": "Noda", 
        "givenName": "Itsuki", 
        "type": "Person"
      }, 
      {
        "familyName": "Savarimuthu", 
        "givenName": "Bastin Tony Roy", 
        "type": "Person"
      }, 
      {
        "familyName": "Cao Son", 
        "givenName": "Tran", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-03098-8_36", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-030-03097-1", 
        "978-3-030-03098-8"
      ], 
      "name": "PRIMA 2018: Principles and Practice of Multi-Agent Systems", 
      "type": "Book"
    }, 
    "keywords": [
      "cyber attacks", 
      "forensic analysts", 
      "digital forensic analysts", 
      "reasoner", 
      "analysts", 
      "paths of investigation", 
      "forensic evidence", 
      "social evidence", 
      "attacks", 
      "possible culprit", 
      "path", 
      "appropriate response", 
      "argumentation", 
      "work", 
      "hints", 
      "evidence", 
      "incomplete evidence", 
      "order", 
      "deal", 
      "risk mitigation measures", 
      "culprit", 
      "response", 
      "cases", 
      "measures", 
      "analysis", 
      "insights", 
      "investigation", 
      "mitigation measures"
    ], 
    "name": "Helping Forensic Analysts to Attribute Cyber-Attacks: An Argumentation-Based Reasoner", 
    "pagination": "510-518", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1107803668"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-03098-8_36"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-03098-8_36", 
      "https://app.dimensions.ai/details/publication/pub.1107803668"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-09-02T16:15", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220902/entities/gbq_results/chapter/chapter_400.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-03098-8_36"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-03098-8_36'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-03098-8_36'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-03098-8_36'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-03098-8_36'


 

This table displays all metadata directly associated to this object as RDF triples.

136 TRIPLES      22 PREDICATES      52 URIs      45 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-030-03098-8_36 schema:about anzsrc-for:08
2 anzsrc-for:0806
3 schema:author Nd8f724fe88b5418198348dce03b052db
4 schema:datePublished 2018-10-24
5 schema:datePublishedReg 2018-10-24
6 schema:description Discovering who performed a cyber-attack or from where it originated is essential in order to determine an appropriate response and future risk mitigation measures. In this work, we propose a novel argumentation-based reasoner for analyzing and attributing cyber-attacks that combines both technical and social evidence. Our reasoner helps the digital forensics analyst during the analysis of the forensic evidence by providing to the analyst the possible culprits of the attack, new derived evidence, hints about missing evidence, and insights about other paths of investigation. The proposed reasoner is flexible, deals with conflicting and incomplete evidence, and was tested on real cyber-attacks cases.
7 schema:editor Nbbb11418a76945f3b17782a1c66a0bce
8 schema:genre chapter
9 schema:isAccessibleForFree true
10 schema:isPartOf N25fcd6dd7a1d4d138d6e9fa5184beba6
11 schema:keywords analysis
12 analysts
13 appropriate response
14 argumentation
15 attacks
16 cases
17 culprit
18 cyber attacks
19 deal
20 digital forensic analysts
21 evidence
22 forensic analysts
23 forensic evidence
24 hints
25 incomplete evidence
26 insights
27 investigation
28 measures
29 mitigation measures
30 order
31 path
32 paths of investigation
33 possible culprit
34 reasoner
35 response
36 risk mitigation measures
37 social evidence
38 work
39 schema:name Helping Forensic Analysts to Attribute Cyber-Attacks: An Argumentation-Based Reasoner
40 schema:pagination 510-518
41 schema:productId N4d997cf66bc44cb09afd916f5df4c417
42 Ne522e5a74c89479386cc6f60f7682a47
43 schema:publisher N7d221726bbd34d00b3018c8a21b53fcf
44 schema:sameAs https://app.dimensions.ai/details/publication/pub.1107803668
45 https://doi.org/10.1007/978-3-030-03098-8_36
46 schema:sdDatePublished 2022-09-02T16:15
47 schema:sdLicense https://scigraph.springernature.com/explorer/license/
48 schema:sdPublisher N493b6e9d79ee45e683b4c06bcce443b6
49 schema:url https://doi.org/10.1007/978-3-030-03098-8_36
50 sgo:license sg:explorer/license/
51 sgo:sdDataset chapters
52 rdf:type schema:Chapter
53 N0a9b69ed12804e28bb762b97298ea87a schema:familyName Noda
54 schema:givenName Itsuki
55 rdf:type schema:Person
56 N10c9aaab654044ce9fd471db048f0af7 schema:familyName Oren
57 schema:givenName Nir
58 rdf:type schema:Person
59 N25fcd6dd7a1d4d138d6e9fa5184beba6 schema:isbn 978-3-030-03097-1
60 978-3-030-03098-8
61 schema:name PRIMA 2018: Principles and Practice of Multi-Agent Systems
62 rdf:type schema:Book
63 N348b50111922428898b887765bcbe457 rdf:first Nbbe1e11e19d0425f9b107bb88740745c
64 rdf:rest N8cf36f39421c4ac0a91978bc544978ee
65 N422b8b32bf5641759b777f3893316414 rdf:first sg:person.010217324040.66
66 rdf:rest Nbdb2f38d8405413186d209506d3336ef
67 N493b6e9d79ee45e683b4c06bcce443b6 schema:name Springer Nature - SN SciGraph project
68 rdf:type schema:Organization
69 N4d997cf66bc44cb09afd916f5df4c417 schema:name dimensions_id
70 schema:value pub.1107803668
71 rdf:type schema:PropertyValue
72 N620602d153cb42baba0879c01e7b4e83 schema:familyName Cao Son
73 schema:givenName Tran
74 rdf:type schema:Person
75 N7d221726bbd34d00b3018c8a21b53fcf schema:name Springer Nature
76 rdf:type schema:Organisation
77 N858e9e2c72644453a2fbba0a93735613 rdf:first sg:person.013404167044.28
78 rdf:rest rdf:nil
79 N8aadd2d4820b4709842ce8ebb0c11e03 rdf:first N620602d153cb42baba0879c01e7b4e83
80 rdf:rest rdf:nil
81 N8cf36f39421c4ac0a91978bc544978ee rdf:first N0a9b69ed12804e28bb762b97298ea87a
82 rdf:rest N9b17ce38836a4b14a9890dcefc5620a0
83 N9b17ce38836a4b14a9890dcefc5620a0 rdf:first Nadb72d527e4e4411aed1f5d7b6a310ba
84 rdf:rest N8aadd2d4820b4709842ce8ebb0c11e03
85 N9bde3125014c42abae52c7ca049f8830 rdf:first N10c9aaab654044ce9fd471db048f0af7
86 rdf:rest N348b50111922428898b887765bcbe457
87 Nadb72d527e4e4411aed1f5d7b6a310ba schema:familyName Savarimuthu
88 schema:givenName Bastin Tony Roy
89 rdf:type schema:Person
90 Nbbb11418a76945f3b17782a1c66a0bce rdf:first Nc864e2c875284e3590c37700825edc3c
91 rdf:rest N9bde3125014c42abae52c7ca049f8830
92 Nbbe1e11e19d0425f9b107bb88740745c schema:familyName Sakurai
93 schema:givenName Yuko
94 rdf:type schema:Person
95 Nbdb2f38d8405413186d209506d3336ef rdf:first sg:person.015420665637.71
96 rdf:rest N858e9e2c72644453a2fbba0a93735613
97 Nc864e2c875284e3590c37700825edc3c schema:familyName Miller
98 schema:givenName Tim
99 rdf:type schema:Person
100 Nd8f724fe88b5418198348dce03b052db rdf:first sg:person.012361707104.86
101 rdf:rest N422b8b32bf5641759b777f3893316414
102 Ne522e5a74c89479386cc6f60f7682a47 schema:name doi
103 schema:value 10.1007/978-3-030-03098-8_36
104 rdf:type schema:PropertyValue
105 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
106 schema:name Information and Computing Sciences
107 rdf:type schema:DefinedTerm
108 anzsrc-for:0806 schema:inDefinedTermSet anzsrc-for:
109 schema:name Information Systems
110 rdf:type schema:DefinedTerm
111 sg:person.010217324040.66 schema:affiliation grid-institutes:grid.7445.2
112 schema:familyName Wang
113 schema:givenName Linna
114 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010217324040.66
115 rdf:type schema:Person
116 sg:person.012361707104.86 schema:affiliation grid-institutes:grid.7445.2
117 schema:familyName Karafili
118 schema:givenName Erisa
119 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012361707104.86
120 rdf:type schema:Person
121 sg:person.013404167044.28 schema:affiliation grid-institutes:grid.7445.2
122 schema:familyName Lupu
123 schema:givenName Emil
124 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404167044.28
125 rdf:type schema:Person
126 sg:person.015420665637.71 schema:affiliation grid-institutes:grid.6603.3
127 schema:familyName Kakas
128 schema:givenName Antonis C.
129 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015420665637.71
130 rdf:type schema:Person
131 grid-institutes:grid.6603.3 schema:alternateName Department of Computer Science, University of Cyprus, Nicosia, Cyprus
132 schema:name Department of Computer Science, University of Cyprus, Nicosia, Cyprus
133 rdf:type schema:Organization
134 grid-institutes:grid.7445.2 schema:alternateName Department of Computing, Imperial College London, London, UK
135 schema:name Department of Computing, Imperial College London, London, UK
136 rdf:type schema:Organization
 



