The Creation of Network Intrusion Fingerprints by Graph Homomorphism

Attack attribution in cyber-attacks tends to be a qualitative exercise with a substantial room forerror. Graph theory is already a proven tool for modeling any connected system. Utilizing graph theory canprovide a quantitative, mathematically rigorous methodology for attack attribution. By identifyinghomomorphic subgraphs as points of comparison, one can create a fingerprint of an attack. That would allowone to match that fingerprint to new attacks and determine if the same threat actor conducted the attack. Thiscurrent study provides a mathematical method to create network intrusion fingerprints by applying graph theoryhomomorphisms. This provides a rigorous method for attack attribution. A case study is used to test thismethodology and determine its efficacy in identifying attacks perpetrated by the same threat actor and/or usingthe same threat vector.

Cyber + Culture

Technical advances in cyber-attack attribution continues to show incremental improvement. A growing interest in the role of the human in perception management, and decision-making suggest that other aspects of human cognition may be able to help inform attribution, and other aspects of cyber security such as defending and training. Values shape behaviors and cultural values set norms for groups of people. Therefore, they should be considered when modeling behaviors. The lack of studies in this area requires exploration and foundational work to learn the limits of this area of research. This chapter highlights some of the findings of some of the recent studies.