Today Erisa Karafili from Imperial College London gave a talk on “Helping Forensic Analysts to Analyze and Attribute Cyber-Attacks” as part of our Theory seminars.
Abstract: The frequency and harmfulness of cyber-attacks are increasing every day, and with them also the amount of data that cyber-forensics analysts need to collect and analyze. Analyzing and discovering who performed an attack or from where it originated would make it possible to put in place targeted mitigative and preventive measures. In my talk, I will present two techniques that help the forensics analyst to analyze and attribute cyber-attacks. The first technique is a formal analysis process that allows an analyst to filter the enormous amount of evidence collected and either identify crucial information about the attack (e.g., when it occurred, its culprit, its target) or, at the very least, perform a pre-analysis to reduce the complexity of the problem in order to then draw conclusions more swiftly and efficiently. The second technique is a novel argumentation-based reasoner (ABR) for analyzing and attributing cyber-attacks that includes in its reasoning technical and social evidence.