NotesFAQContact Us
Search Tips
ERIC Number: ED547950
Record Type: Non-Journal
Publication Date: 2012
Pages: 144
Abstractor: As Provided
Reference Count: N/A
ISBN: 978-1-2673-9050-9
Cyberprints: Identifying Cyber Attackers by Feature Analysis
Blakely, Benjamin A.
ProQuest LLC, Ph.D. Dissertation, Iowa State University
The problem of attributing cyber attacks is one of increasing importance. Without a solid method of demonstrating the origin of a cyber attack, any attempts to deter would-be cyber attackers are wasted. Existing methods of attribution make unfounded assumptions about the environment in which they will operate: omniscience (the ability to gather, store, and analyze any data relevant to an attack), omnipresence (the ability to place sensors wherever necessary regardless of jurisdiction or ownership), and a priori positioning (ignorance of the real costs of placing sensors in speculative locations). The reality is that attribution must be able to occur with only the information available directly to a forensic analyst, gathered within the target network, using budget-conscious placement of sensors and analyzers. These assumptions require a new form of attribution. This work evaluates the use of a number of network-level features as an analog of stylistic markers in literature. We find that principal component analysis is not a useful tool in analyzing these features. We are, however, able to perform Kolmogorov-Smirnov comparisons upon the feature set distributions directly to find a subset of the examined features which hold promise for forming the foundation of a Cyberprint. This foundation could be used to examine other potential features for discriminatory power, and to establish a new direction for network forensic analysis. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page:]
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site:
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A