Abstract

The objective of this paper is to articulate the problem of attribution in cyber warfare incidents, including surveillance, data theft, espionage, and misinformation campaigns. As the stakes increase, intelligence and law enforcement agencies are making concerted, painstaking efforts to identify the perpetrators. Attribution tools and techniques for malicious activities on the Internet are still nascent, relying mainly on technical measurements, the provenance of malicious code, and non-technical assessments of attack and attacker characteristics to link attack activities to individuals or groups. Attribution of attacks is typically done through a burdensome manual process that relies on both technical analysis and ground intelligence. As a result, this cumbersome and laborious process of attribution is primarily reserved for the most egregious cyber attack cases and those conducted against well-resourced organizations. Over time, our attribution abilities have improved; however, this improvement is a two-edged sword: as attribution capabilities improve, Internet privacy is increasingly diluted. This paper discusses attribution for two vastly different types of attacks that are central to cyber conflict today: network intrusions and social bot-led misinformation campaigns. The paper discusses the state of the art regarding attribution abilities across both types of attack, provides recommendations for improved attribution, and lays out future research directions.

Highlights

  • The Internet has become broadly integrated into the social and economic fabric of the world, as it concurrently becomes a bastion of crime and warfare with the stakes of cyber attacks escalating annually

  • The focus of digital forensics has been on civilian law enforcement cases that entail collecting irrefutable evidence that can be used in a court of law in which a chain of custody is maintained

  • The attribution of cyber attacks is an important research problem that has bearing on the stability and survival of the Internet


Summary

Introduction

The Internet has become broadly integrated into the social and economic fabric of the world, as it concurrently becomes a bastion of crime and warfare with the stakes of cyber attacks escalating annually. Cyber attacks are impacting the political stability and economic prosperity of nation states. In response to these threats, some nations are reacting in ways that are shaking foundational pillars of the Internet such as universal connectivity, unfettered access to information, and the ability to voice opinions without fear of retribution. Nation states such as China, Egypt, UAE, Russia, and Iran are creating firewalls and using other policy and legal measures to restrict Internet access [3], and investing in tools and techniques to de-anonymize users both to take punitive action and to deter others from engaging in activities that are threatening to them.

See https://creativecommons.org/licenses/by/4.0/ VOLUME 2, 2021

[...] network intrusions and online influence operations - and the developments in techniques of cyber attribution in response to those threats
