The Creation of Network Intrusion Fingerprints by Graph Homomorphism

Authors: , ,

Abstract: Attack attribution in cyber-attacks tends to be a qualitative exercise with a substantial room for error. Graph theory is already a proven tool for modeling any connected system. Utilizing graph theory can provide a quantitative, mathematically rigorous methodology for attack attribution. By identifying homomorphic subgraphs as points of comparison, one can create a fingerprint of an attack. That would allow one to match that fingerprint to new attacks and determine if the same threat actor conducted the attack. This current study provides a mathematical method to create network intrusion fingerprints by applying graph theory homomorphisms. This provides a rigorous method for attack attribution. A case study is used to test this methodology and determine its efficacy in identifying attacks perpetrated by the same threat actor and/or using the same threat vector.

WSEAS Transactions on Information Science and Applications, ISSN / E-ISSN: 1790-0832 / 2224-3402, Volume 17, 2020, Art. #15

PDF
DOI
XML
Cite
×
Citation Tools
WSEAS AMA
Chuck Easttom, Mo, Adda, "The Creation of Network Intrusion Fingerprints by Graph Homomorphism," WSEAS Transactions on Information Science and Applications, vol. 17, pp. 124-131, 2020, DOI:10.37394/23209.2020.17.15
Chuck Easttom, Mo, Adda. The Creation of Network Intrusion Fingerprints by Graph Homomorphism. WSEAS Transactions on Information Science and Applications. 2020;17:124-131. 10.37394/23209.2020.17.15
Copy to Clipboard
Citation copied to Clipboard

Certification

---