Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
UNIX for Programmers and Users: A Complete Guide
UNIX for Programmers and Users: A Complete Guide
Finding a Connection Chain for Tracing Intruders
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Sleepy Watermark Tracing: An Active Network-Based Intrusion Response Framework
IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
Holding intruders accountable on the Internet
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Hi-index | 0.00 |
When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping-stones. In this paper, we describe an algorithm to be able to detect stepping-stones in detoured attacks. Our aim is to develop an algorithm that can trace an origin system which attacks a victim system via stepping-stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. We focused on connection traceback in this paper and proposed a new intruder tracing algorithm to distinguish between an origin system of attack and stepping-stones using process structures of operating systems.