The creation of network intrusion fingerprints by graph homomorphism

William Easttom, Mo Adda

Research output: Contribution to journalArticlepeer-review

170 Downloads (Pure)


Attack attribution in cyber-attacks tends to be a qualitative exercise with a substantial room for error. Graph theory is already a proven tool for modeling any connected system. Utilizing graph theory can provide a quantitative, mathematically rigorous methodology for attack attribution. By identifying homomorphic subgraphs as points of comparison, one can create a fingerprint of an attack. That would allow one to match that fingerprint to new attacks and determine if the same threat actor conducted the attack. This current study provides a mathematical method to create network intrusion fingerprints by applying graph theory homomorphisms. This provides a rigorous method for attack attribution. A case study is used to test this methodology and determine its efficacy in identifying attacks perpetrated by the same threat actor and/or using the same threat vector.
Original languageEnglish
Pages (from-to)124-131
Number of pages8
JournalWSEAS Transactions on Information Science and Applications
Publication statusPublished - 6 Aug 2020


  • graph theory
  • fingerprinting
  • attack attribution


Dive into the research topics of 'The creation of network intrusion fingerprints by graph homomorphism'. Together they form a unique fingerprint.

Cite this