A global marking scheme for tracing cyber attacks

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A global marking scheme for tracing cyber attacks

Full text

Pdf (280 KB)

Source

Symposium on Applied Computing archive
Proceedings of the 2007 ACM symposium on Applied computing table of contents

Seoul, Korea

SESSION: Computer forensics table of contents

Pages: 170 - 174

Year of Publication: 2007

ISBN:1-59593-480-4

Authors

Yacine Djemaiel	University of Carthage, Tunisia
Noureddine Boudriga	University of Carthage, Tunisia

Sponsor

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 4, Downloads (12 Months): 43, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1244002.1244048 What is a DOI?

ABSTRACT

Tracing complex attacks is among the research topics that are currently under development. Limiting tracing to network traffic has allowed the reconstruction of the attack paths of a few attacks, but appears to be insufficient to trace complex attacks. In this paper, we propose a new tracing scheme that extends marking to additional malicious activities related to system running processes and modification actions operated at the host level, making use of compromise independent disk based components. These components are involved in the marking and the tracing process. The behavior of the new scheme for marking and tracing is illustrated against a sample attack scenario that integrates several techniques in order to increase the complexity of the attack. Our scheme plays an important role in investigation and provides evidences that help an investigator determining the attacker and the actions he performed.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Belenky, A., and Ansari, N. IP Traceback with Deterministic Packet Marking. In IEEE COMMUNICATIONS LETTERS (2003), vol. 7.
	2	Djemaiel, Y., Rekhis, S., and Boudriga, N. Cooperative Intrusion Detection and Tolerance System. In Proceedings of 12th IEEE International Conference on Electronics, Circuits and Systems (ICECS 2005). (Tunis, Tunisia, December 2005), pp. 279--283.
	3	Djemaiel, Y., Rekhis, S., and Boudriga, N. Marking and investigating communication traffic: an adaptive and selective scheme. In WSEAS TRANSACTIONS on COMMUNICATIONS journal (Athens, Greece, July 2005), vol. 4, pp. 469--477.
	4	Jin, G., and Yang, J. Deterministic packet marking based on redundant decomposition for ip traceback. In IEEE COMMUNICATIONS LETTERS (March 2006), vol. 10, pp. 204--206.
	5	Yi-Nan Jing , Peng Tu , Xue-Ping Wang , Gen-Du Zhang, Distributed-Log-based Scheme for IP Traceback, Proceedings of the The Fifth International Conference on Computer and Information Technology, p.711-715, September 21-23, 2005 [doi>10.1109/CIT.2005.99]
	6	Stefan Savage , David Wetherall , Anna Karlin , Tom Anderson, Network support for IP traceback, IEEE/ACM Transactions on Networking (TON), v.9 n.3, p.226-237, June 2001 [doi>10.1109/90.929847]
	7	Alex C. Snoeren, Hash-based IP traceback, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.3-14, August 2001, San Diego, California, United States