Since current Internet intruders conceal their real identity through distributed or disguised attacks, it is not easy to deal with them properly by an ex post facto chase alone. The intruder therefore needs to be traced in real time. Existing real-time intruder tracing systems have a spatial restriction: once the tracing system is installed, the security domain remains unchanged unless the system security officer intervenes, so it is impossible to respond to an attack carried out outside the security domain. This paper proposes a self-replication mechanism, a new approach to real-time intruder tracing that minimizes the spatial limitation of the traceable domain. Real-time tracing supports prompt response to the intrusion and detection of the target host and laundering hosts. It also enhances the possibility of identifying the intruder. Data collected during real-time tracing can be used to generate a hacking scenario database and can be used as legal evidence.