Skip to Main content Skip to Navigation

Vers un regroupement multicritères comme outil d'aide à l'attribution d'attaque dans le cyber-espace

Abstract : Many security experts have recently acknowledged the fact that the cyber-crime scene becomes increasingly organized and more consolidated. Even though there are some plausible indicators about the origins, causes, and consequences of these new malicious activities observed in the Internet, very few claims can be backed up by scientific evidence. In particular, many questions remain regarding the attribution of the attacks and the organization of cybercrime. The main contribution of this thesis consists in developing an analytical method to systematically address the problem of attack attribution in cyberspace. Our approach is based on a novel combination of a graph-based clustering technique with a data aggregation method inspired by multi-criteria decision analysis (MCDA). More specifically, we show that it is possible to analyze large-scale attack phenomena from separate viewpoints, revealing meaningful patterns with respect to various attack features. Secondly, we show how to systematically combine all those viewpoints such that the behavioral properties of attack phenomena are appropriately modeled in the aggregation process. Consequently, our global threat analysis method can attribute apparently different security events to a common root cause or phenomenon, based on the combination of all available evidence. Perhaps more importantly, our attack attribution technique can also emphasize the modus operandi of the attackers. This can help an analyst to get insights into how cybercriminals operate in the real-world, but also which strategies they are using.
Complete list of metadata

Cited literature [182 references]  Display  Hide  Download
Contributor : Ecole Télécom ParisTech Connect in order to contact the contributor
Submitted on : Friday, April 16, 2010 - 8:00:00 AM
Last modification on : Friday, October 23, 2020 - 4:37:49 PM
Long-term archiving on: : Thursday, March 30, 2017 - 5:53:31 AM


  • HAL Id : pastel-00006003, version 1


Olivier Thonnard. Vers un regroupement multicritères comme outil d'aide à l'attribution d'attaque dans le cyber-espace. domain_other. Télécom ParisTech, 2010. Français. ⟨pastel-00006003⟩



Record views


Files downloads