Today's Internet is open and anonymous. While it permits free traffic from any host, attackers that generate malicious traffic cannot typically be held accountable. In this paper, we present a system called HostTracker that tracks dynamic bindings between hosts and IP addresses by leveraging application-level data with unreliable IDs. Using a month-long user login trace from a large email provider, we show that HostTracker can attribute most of the activities reliably to the responsible hosts, despite the existence of dynamic IP addresses, proxies, and NATs. With this information, we are able to analyze the host population, to conduct forensic analysis, and also to blacklist malicious hosts dynamically.