Network-Based Real-Time Connection Traceback System (NRCTS) with Packet Marking Technology
Recently the number of Internet users has increased sharply, and the number of intrusions has increased with it. Consequently, security products are being developed and adopted to protect systems and networks from hacking and intrusion. Even when security products are adopted, however, hackers can still attack a system and obtain special authorization, because such products cannot protect a system or network against every instance of hacking and intrusion. Researchers have therefore focused on active hacking prevention methods and have tried to develop a traceback system that can find the real location of an attacker. At present, however, real-time traceback is very difficult because of the Internet's diversity. To overcome this problem, this paper proposes a traceback system that has the potential to be adapted to the current Internet environment. The system is a Network-based Real-Time Connection Traceback System (NRCTS) that uses the packet marking technique.
Keywords: Intrusion Detection; Intrusion Detection System; Clock Synchronization; Reply Packet; Boundary Controller