by Vyas Sekar, Yinglian Xie, David A. Maltz, Michael K. Reiter, Hui Zhang
In Third Workshop on Hot Topics in Networking (HotNets-III)
http://www.cs.cmu.edu/~hzhang/papers/hotnets04-forensic.pdf
Abstract:
The world of network security is an arms race in which attackers constantly change the signatures of their attacks to avoid detection. Aiding the white-hats in this race is one fundamental invariant across all network attacks, present and future: for the attack to progress there must be communication among the attacker, the associated set of compromised hosts and the victim(s), and this communication is visible to the network. We argue that the Internet architecture should be extended to include auditing mechanisms that enable the forensic analysis of network data, with the goal of identifying the true originator of each attack — even if the attacker recruits innocent hosts as zombies or stepping stones to propagate the attack. In this paper we outline an approach to the problem of Attacker Identification and Attack Reconstruction, describe the challenges involved, and explain our efforts that show the promise of this approach.