10,511 research outputs found
Cyber-Deception and Attribution in Capture-the-Flag Exercises
Attributing the culprit of a cyber-attack is widely considered one of the
major technical and policy challenges of cyber-security. The lack of ground
truth for an individual responsible for a given attack has limited previous
studies. Here, we overcome this limitation by leveraging DEFCON
capture-the-flag (CTF) exercise data where the actual ground-truth is known. In
this work, we use various classification techniques to identify the culprit in
a cyberattack and find that deceptive activities account for the majority of
misclassified samples. We also explore several heuristics to alleviate some of
the misclassification caused by deception.
Comment: 4 pages Short name accepted to FOSINT-SI 201
Hacker Combat: A Competitive Sport from Programmatic Dueling & Cyberwarfare
The history of humanhood has included competitive activities of many
different forms. Sports have offered many benefits beyond that of
entertainment. At the time of this article, there exists not a competitive
ecosystem for cyber security beyond that of conventional capture the flag
competitions, and the like. This paper introduces a competitive framework with
a foundation on computer science, and hacking. This proposed competitive
landscape encompasses the ideas underlying information security, software
engineering, and cyber warfare. We also demonstrate the opportunity to rank,
score, & categorize actionable skill levels into tiers of capability.
Physiological metrics are analyzed from participants during gameplay. These
analyses provide support regarding the intricacies required for competitive
play, and analysis of play. We use these intricacies to build a case for an
organized competitive ecosystem. Using previous player behavior from gameplay,
we also demonstrate the generation of an artificial agent purposed with
gameplay at a competitive level.
Science Hackathons for Cyberphysical System Security Research: Putting CPS testbed platforms to good use
A challenge is to develop cyber-physical system scenarios that reflect the
diversity and complexity of real-life cyber-physical systems in the research
questions that they address. Time-bounded collaborative events, such as
hackathons, jams and sprints, are increasingly used as a means of bringing
groups of individuals together, in order to explore challenges and develop
solutions. This paper describes our experiences, using a science hackathon to
bring individual researchers together, in order to develop a common use-case
implemented on a shared CPS testbed platform that embodies the diversity in
their own security research questions. A qualitative study of the event was
conducted, in order to evaluate the success of the process, with a view to
improving future similar events.