Novel Hybrid Schemes Employing Packet Marking and Logging for IP Traceback
IEEE Transactions on Parallel and Distributed Systems
A functional reference model of passive systems for tracing network traffic
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Past work on determining the origin of network traffic has been done in a case-specific manner. This has resulted in a number of specific works while yielding little general understanding of the mechanisms used for expression, concealment, and observation of origin identity. This dissertation addresses this state of affairs by presenting a reference model of how the originator identity of network data elements is concealed and observed. The result is a model that is useful for representing origin concealment and identification scenarios and reasoning about their properties. From the model, we have determined several mutually sufficient conditions for passively determining the origin of traffic. Based on these conditions, we have developed two new origin identification algorithms for constrained network topologies.