Method of Tracing Attacks Based on Controllable Network

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN:1005-9830/CN:32-1397/N]

Issue:
2005, Issue 03
Page:
356-359
Research Field:
Publishing date:

Info

Title:
Method of Tracing Attacks Based on Controllable Network
Author(s):
DAI Jiang-shan XIAO Jun-mo
Institute of Communications Engineering, PLA University of Science and Technology, Nanjing 210007, China
Keywords:
network security; network forensics; tracing attacks
PACS:
TP393.08
DOI:
-
Abstract:
A model of the controllable network was formalized, and the characteristics of hidden network attacks were analyzed. An algorithm based on a controllable network was presented to detect and trace the hidden network attack. In the controllable network, monitors were distributed and could transfer messages to each other through a monitor center. With the hidden network attack detection rules based on the characteristics and the messages from other monitors, a monitor captured network packets and applied the algorithm to analyze them. As a result, the hidden network attack from the controllable network can be detected and traced to its real origin. An example is used to illustrate the practicability and effectiveness of the method.


Memo

Memo:
-
Last Update: 2013-03-03