In this paper, we study coordinated attacks launched by multiple malicious agents and the problem of detecting malicious groups of attackers. The paper proposes a formal method and an algorithm for detecting action interference between users. It has to be pointed out that some members of a malicious group may not necessarily perform illegal actions, for example, they can prepare and organize an attack without taking active part in the actual attack execution. In addition, members of a malicious group may not necessarily know each other. The method we propose tries to solve these problems by building a coordination graph which includes all users who, in some way or another, cooperate with each other, i.e., the maximal malicious group of cooperating users including not only the executers of the attack but also their assistants. The paper also proposes formal metrics on coordination graphs that help differentiate central from peripheral attackers.