While voice over IP (VoIP) services have brought many desirable communication features to the general public, they have also become a medium through which criminals communicate and conduct illegal activities (e.g., fraud and blackmail) without being intercepted by law enforcement agencies (LEAs). Previous research on IP traceback focused on tracking IP addresses on the network layer. The mechanisms developed thus far, however, require an inefficient and sometimes infeasibly large amount of router and network support. In this paper, we propose a collaborative forensics mechanism that cooperates with related network operators (NWO) and service providers (SvP) in tracing back VoIP calls without depending on routers throughout the full trace path. We discuss the various kinds of attacks on VoIP services and the characteristics of VoIP service requests as they pertain to those attacks. Additionally, we propose a procedure for identifying forged header field values (HFVs) in SIP requests, and introduce the concept of active forensics. This can lead to a reduction in the probability of important information being deleted by the time collaborative forensics is initiated, and thus assist law enforcement agencies in intercepting criminals. We also describe extended applications of traceback for attacks resulting in Distributed Denial of Service and those involving mobile phones.