11,766 research outputs found

    Cyber-Deception and Attribution in Capture-the-Flag Exercises

    Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is known. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception. Comment: 4 pages Short name accepted to FOSINT-SI 201

    Cyber Warfare and the Crime of Aggression: The Need for Individual Accountability on Tomorrow’s Battlefield

    As cyberspace matures, the international system faces a new challenge in confronting the use of force. Non-State actors continue to grow in importance, gaining the skill and the expertise necessary to wage asymmetric warfare using non-traditional weaponry that can create devastating real-world consequences. The international legal system must adapt to this battleground and provide workable mechanisms to hold aggressive actors accountable for their actions. The International Criminal Court--the only criminal tribunal in the world with global reach--holds significant promise in addressing this threat. The Assembly of State Parties should construct the definition of aggression to include these emerging challenges. By structuring the definition to confront the challenges of cyberspace--specifically non-State actors, the disaggregation of warfare, and new conceptions of territoriality--the International Criminal Court can become a viable framework of accountability for the wars of the twenty-first century.

    Traffic and Log Data Captured During a Cyber Defense Exercise

    Cybersecurity research relies on relevant datasets providing researchers a snapshot of network traffic generated by current users and modern applications and services. The lack of datasets coming from a realistic network environment leads to inefficiency of newly designed methods that are not useful in practice. This data article provides network traffic flows and event logs (Linux and Windows) from a two-day cyber defense exercise involving attackers, defenders, and fictitious users operating in a virtual exercise network. The data are stored as structured JSON, including data schemes and data dictionaries, ready for direct processing. Network topology of the exercise network in NetJSON format is also provided.

    The Bastion Network Project

    Workshop on Education in Computer Security (WECS) 6. The Naval Postgraduate School’s Center for Information Systems Security Studies and Research (CISR) has developed a small, but realistic network lab—the Bastion Network—that is dedicated to educating students in the myriad elements involved in the secure operation of a computer network. This paper describes the rationale for this network lab, and offers an overview of a simple framework that could accommodate educational network interaction with other schools that have similar IA educational goals, and that have, or may soon acquire, similarly designated labs. The framework describes the essential elements of a memorandum of understanding, and twelve suggested inter-network cyber-exercise scenarios.

    Jack Voltaic 3.0 Cyber Research Report

    The Jack Voltaic (JV) Cyber Research project is an innovative, bottom-up approach to critical infrastructure resilience that informs our understanding of existing cybersecurity capabilities and identifies gaps. JV 3.0 contributed to a repeatable framework cities and municipalities nationwide can use to prepare. This report on JV 3.0 provides findings and recommendations for the military, federal agencies, and policy makers.