Abstract
Attribution of cyber-attacks tends to be a qualitative exercise with substantial room for error. Graph theory is already a proven tool for modeling any connected system, and it can provide a quantitative, mathematically rigorous methodology for attack attribution. By identifying homomorphic subgraphs as points of comparison, one can create a fingerprint of an attack. That fingerprint can then be matched against new attacks to determine whether the same threat actor conducted them. This study provides a mathematical method for creating network intrusion fingerprints by applying graph theory homomorphisms, which gives a rigorous method for attack attribution. A case study is used to test this methodology and determine its efficacy in identifying attacks perpetrated by the same threat actor and/or using the same threat vector.
Original language | English |
---|---|
Pages (from-to) | 124-131 |
Number of pages | 8 |
Journal | WSEAS Transactions on Information Science and Applications |
Volume | 17 |
DOIs | |
Publication status | Published - 6 Aug 2020 |
Keywords
- graph theory
- fingerprinting
- attack attribution