Abstract
Intruders who log in through a series of machines when conducting an attack are hard to trace because of the complex architecture of the Internet. The thumbprinting method provides an efficient way to trace such intruders by determining whether two connections are part of the same connection chain. Since many connections are transient, and therefore short in length, choosing the best time interval to thumbprint over can be an issue. In this paper, we provide a way to shorten the time interval used for thumbprinting. We then study some special properties of the thumbprinting function. We also study another mechanism for tracing intruders in the Internet, based on a timestamping approach of passively monitoring flows between source and destination pairs. Given a potentially suspicious source, we identify the true destination of this source. We compute the error probability of our algorithm and show that its value decreases exponentially as the observation time increases. Our simulation results show that our approach performs well.
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Olteanu, A., Xiao, Y., Liu, J., Chen, T.M. (2012). Studying Non-intrusive Tracing in the Internet. In: Zhang, X., Qiao, D. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Networks. QShine 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 74. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29222-4_5
DOI: https://doi.org/10.1007/978-3-642-29222-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29221-7
Online ISBN: 978-3-642-29222-4
eBook Packages: Computer Science, Computer Science (R0)