4 research outputs found
Time-stamped claim logic
The main objective of this paper is to define a logic for reasoning about distributed time-stamped claims. Such a logic is interesting for theoretical reasons, i.e., as a logic per se, but also because it has a number of practical applications, in particular when one needs to reason about a huge amount of pieces of evidence collected from different sources, where some of the pieces of evidence may be contradictory and some sources are considered to be more trustworthy than others. We introduce the Time-Stamped Claim Logic including a sound and complete sequent calculus. In order to show how Time-Stamped Claim Logic can be used in practice, we consider a concrete cyber-attribution case study
An Argumentation-Based Reasoner to Assist Digital Investigation and Attribution of Cyber-Attacks
We expect an increase in the frequency and severity of cyber-attacks that
comes along with the need for efficient security countermeasures. The process
of attributing a cyber-attack helps to construct efficient and targeted
mitigating and preventive security measures. In this work, we propose an
argumentation-based reasoner (ABR) as a proof-of-concept tool that can help a
forensics analyst during the analysis of forensic evidence and the attribution
process. Given the evidence collected from a cyber-attack, our reasoner can
assist the analyst during the investigation process, by helping him/her to
analyze the evidence and identify who performed the attack. Furthermore, it
suggests to the analyst where to focus further analyses by giving hints of the
missing evidence or new investigation paths to follow. ABR is the first
automatic reasoner that can combine both technical and social evidence in the
analysis of a cyber-attack, and that can also cope with incomplete and
conflicting information. To illustrate how ABR can assist in the analysis and
attribution of cyber-attacks we have used examples of cyber-attacks and their
analyses as reported in publicly available reports and online literature. We do
not mean to either agree or disagree with the analyses presented therein or
reach attribution conclusions