Profiling cyber attacks using Case-based Reasoning

Stylianos Kapetanakis; Avgoustinos Filippoupolitis; George Loukas; Tariq Saad Al Murayziq

Profiling cyber attacks using Case-based Reasoning

Stylianos Kapetanakis
, Avgoustinos Filippoupolitis
, George Loukas
, Tariq Saad Al Murayziq

University of Brighton

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

Computer security would arguably benefit from more information on the characteristics of the particular human attacker behind a security incident. Nevertheless, technical security mechanisms have always focused on the at-tack's characteristics rather than the attacker's. The latter is a challenging prob-lem, as relevant data cannot easily be found. We argue that the cyber traces left by a human attacker during an intrusion attempt can help towards building a profile of the particular person. To illustrate this concept, we have developed an approach using case-based reasoning that indirectly measures an attacker’s characteristics for given attack scenarios. Our results reveal that case-based rea-soning has the potential of being used to assist security and forensic investiga-tors in profiling human attackers.

Original language	English
Title of host publication	19th UK Workshop on Case-Based Reasoning
Place of Publication	Cambridge
Pages	39-48
Number of pages	10
Publication status	Published - 1 Jan 2014
Event	19th UK Workshop on Case-Based Reasoning - Cambridge, UK, 9 Dec 2014 Duration: 1 Jan 2014 → …

Workshop

Workshop	19th UK Workshop on Case-Based Reasoning
Period	1/01/14 → …

Keywords

Case-based reasoning
Cyber Security
Intrusion Detection
Artificial Intelligence

Access to Document

Profiling cyber attackers using case based reasoning.pdfAccepted author manuscript, 571 KBLicence: Unspecified

Cite this

@inproceedings{511f69c2c9e34f399eeb3f2435e5d5a0,

title = "Profiling cyber attacks using Case-based Reasoning",

abstract = "Computer security would arguably benefit from more information on the characteristics of the particular human attacker behind a security incident. Nevertheless, technical security mechanisms have always focused on the at-tack's characteristics rather than the attacker's. The latter is a challenging prob-lem, as relevant data cannot easily be found. We argue that the cyber traces left by a human attacker during an intrusion attempt can help towards building a profile of the particular person. To illustrate this concept, we have developed an approach using case-based reasoning that indirectly measures an attacker{\textquoteright}s characteristics for given attack scenarios. Our results reveal that case-based rea-soning has the potential of being used to assist security and forensic investiga-tors in profiling human attackers.",

keywords = "Case-based reasoning, Cyber Security, Intrusion Detection, Artificial Intelligence",

author = "Stylianos Kapetanakis and Avgoustinos Filippoupolitis and George Loukas and \{Saad Al Murayziq\}, Tariq",

year = "2014",

month = jan,

day = "1",

language = "English",

pages = "39--48",

booktitle = "19th UK Workshop on Case-Based Reasoning",

note = "19th UK Workshop on Case-Based Reasoning ; Conference date: 01-01-2014",

}

TY - GEN

T1 - Profiling cyber attacks using Case-based Reasoning

AU - Kapetanakis, Stylianos

AU - Filippoupolitis, Avgoustinos

AU - Loukas, George

AU - Saad Al Murayziq, Tariq

PY - 2014/1/1

Y1 - 2014/1/1

N2 - Computer security would arguably benefit from more information on the characteristics of the particular human attacker behind a security incident. Nevertheless, technical security mechanisms have always focused on the at-tack's characteristics rather than the attacker's. The latter is a challenging prob-lem, as relevant data cannot easily be found. We argue that the cyber traces left by a human attacker during an intrusion attempt can help towards building a profile of the particular person. To illustrate this concept, we have developed an approach using case-based reasoning that indirectly measures an attacker’s characteristics for given attack scenarios. Our results reveal that case-based rea-soning has the potential of being used to assist security and forensic investiga-tors in profiling human attackers.

AB - Computer security would arguably benefit from more information on the characteristics of the particular human attacker behind a security incident. Nevertheless, technical security mechanisms have always focused on the at-tack's characteristics rather than the attacker's. The latter is a challenging prob-lem, as relevant data cannot easily be found. We argue that the cyber traces left by a human attacker during an intrusion attempt can help towards building a profile of the particular person. To illustrate this concept, we have developed an approach using case-based reasoning that indirectly measures an attacker’s characteristics for given attack scenarios. Our results reveal that case-based rea-soning has the potential of being used to assist security and forensic investiga-tors in profiling human attackers.

KW - Case-based reasoning

KW - Cyber Security

KW - Intrusion Detection

KW - Artificial Intelligence

M3 - Conference contribution with ISSN or ISBN

SP - 39

EP - 48

BT - 19th UK Workshop on Case-Based Reasoning

CY - Cambridge

T2 - 19th UK Workshop on Case-Based Reasoning

Y2 - 1 January 2014

ER -

Profiling cyber attacks using Case-based Reasoning

Abstract

Workshop

Keywords

Access to Document

Fingerprint

Cite this