Attack attribution in cyber-attacks tends to be a qualitative exercise with a substantial room for error. Graph theory is already a proven tool for modeling any connected system. Utilizing graph theory can provide a quantitative, mathematically rigorous methodology for attack attribution. By identifying homomorphic subgraphs as points of comparison, one can create a fingerprint of an attack. That would allow one to match that fingerprint to new attacks and determine if the same threat actor conducted the attack. This current study provides a mathematical method to create network intrusion fingerprints by applying graph theory homomorphisms. This provides a rigorous method for attack attribution. A case study is used to test this methodology and determine its efficacy in identifying attacks perpetrated by the same threat actor and/or using the same threat vector.
|Number of pages||8|
|Journal||WSEAS Transactions on Information Science and Applications|
|Publication status||Published - 6 Aug 2020|
- graph theory
- attack attribution