Tracing complex attacks is among the research topics that are currently under development. Limiting tracing to network traffic has allowed the attack paths of a few attacks to be reconstructed, but appears to be insufficient for tracing complex attacks. In this paper, we propose a new tracing scheme that extends marking to additional malicious activities related to processes running on the system and to modification actions performed at the host level, making use of compromise-independent, disk-based components. These components are involved in both the marking and the tracing process. The behavior of the new scheme for marking and tracing is illustrated against a sample attack scenario that integrates several techniques in order to increase the complexity of the attack. Our scheme plays an important role in investigation and provides evidence that helps an investigator determine the attacker and the actions he performed.