Attribution in cyberspace: techniques and legal implications

Attribution of cybercrimes is significant in limiting the rate of crime as well as in preparing the required level of response. Motivated by this significance, we introduce a level‐based approach for achieving attribution. In our proposed approach, attribution consists of three steps: (1) identification of the cyberweapon used; (2) determination of the origin of the attack; and (3) identification of the actual attacker. We conduct an in‐depth analysis of recently proposed attribution techniques. Our analysis reveals that indirect methods of attribution are particularly effective when attributing cybercrimes; many of them remain unattributed. We also discuss some of the legal issues pertaining to attribution, and we argue that well‐defined international laws for cyberspace along with strong cooperation among governments are needed to track down and punish cybercriminals. Copyright © 2016 John Wiley & Sons, Ltd. Attribution of cybercrimes is essential in mitigating cybercrimes. We propose a three‐tier approach for attributing cybercrimes.These include the following: (1) identification of the cyberweapon used; (2) determination of the origin of the attack; and (3) identification of the actual attacker. A comprehensive study of existing techniques reveals that level 3 attribution has only been achieved for very few crimes. We also discuss legal issues and highlight significant requirements for punishment and attribution in cyberspace.