Part of the book series: Smart Innovation, Systems and Technologies (SIST, volume 44)

Abstract

In spite of stringent security measures on the components of a distributed system and well-defined communication procedures between its nodes, an exploit may be found that compromises a node and may then be propagated to other nodes. This paper describes an incident-response method to analyse such an attack. The analysis is required to patch the vulnerabilities and may help in finding and removing backdoors installed by the attacker. It relies on logging all relevant information from each node in the system to a centralised store at regular intervals. The logs are compressed before they are sent, in order to reduce network traffic and use less storage space. The state of the system is also stored at regular intervals. A replay tool presents this information in a lucid, comprehensible manner using a timeline. The timeline shows the saved system states (of each node in the distributed system) as something similar to checkpoints. The events and actions stored in the logs act on these states, which shows the analyser a replay of the events. A time interval during which an attack is suspected to have occurred can be analysed thoroughly using this tool.
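The checkpoint-and-replay scheme the abstract describes, as an added example that is not the authors' tool: compressed log batches and periodic state checkpoints go to a central store, and a replay function rebuilds a node's state across a suspected time window. The `CentralStore` class, the add/remove event schema, the use of zlib for compression, and the sample data are all assumptions made for illustration.

```python
import copy, json, zlib

class CentralStore:
    """Hypothetical central store: per-node checkpoints and compressed log batches."""
    def __init__(self):
        self.checkpoints = {}  # node -> [(t, state)], kept sorted by t
        self.batches = {}      # node -> [zlib-compressed JSON event batch]
    def put_checkpoint(self, node, t, state):
        cps = self.checkpoints.setdefault(node, [])
        cps.append((t, copy.deepcopy(state)))
        cps.sort(key=lambda c: c[0])
    def put_batch(self, node, events):
        # Compress before "sending" to cut network traffic and storage (zlib is an assumption).
        blob = zlib.compress(json.dumps(events).encode(), 9)
        self.batches.setdefault(node, []).append(blob)
    def events(self, node):
        evs = [e for b in self.batches.get(node, []) for e in json.loads(zlib.decompress(b))]
        return sorted(evs, key=lambda e: e["t"])

def apply_event(state, ev):
    """Assumed event model: add or remove a value in a named list of the node state."""
    items = state.setdefault(ev["key"], [])
    if ev["op"] == "add" and ev["value"] not in items:
        items.append(ev["value"])
    elif ev["op"] == "remove" and ev["value"] in items:
        items.remove(ev["value"])

def replay(store, node, start, end):
    """Return [(t, event, state_after)] for the node's events with start <= t <= end."""
    cps = [c for c in store.checkpoints.get(node, []) if c[0] <= start]
    if not cps:
        raise LookupError(f"no checkpoint for {node} at or before t={start}")
    base_t, state = cps[-1][0], copy.deepcopy(cps[-1][1])
    timeline = []
    for ev in store.events(node):
        if base_t < ev["t"] <= end:  # events up to base_t are already in the checkpoint
            apply_event(state, ev)
            if ev["t"] >= start:
                timeline.append((ev["t"], ev, copy.deepcopy(state)))
    return timeline

# Constructed sample data for one node (not taken from the paper).
store = CentralStore()
store.put_checkpoint("node-a", 0, {"accounts": ["root", "svc"], "listeners": [22]})
store.put_batch("node-a", [{"t": 5, "op": "add", "key": "listeners", "value": 8080},
                           {"t": 12, "op": "add", "key": "accounts", "value": "backup2"}])
store.put_checkpoint("node-a", 15, {"accounts": ["root", "svc", "backup2"], "listeners": [22, 8080]})
store.put_batch("node-a", [{"t": 18, "op": "add", "key": "listeners", "value": 4444},
                           {"t": 21, "op": "remove", "key": "accounts", "value": "svc"}])
```

Calling `replay(store, "node-a", 10, 20)` starts from the checkpoint at t=0, silently applies the t=5 event, and returns the state after each event inside the window, which is the per-node timeline an analyst would step through.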


Author information

Corresponding author

Correspondence to Sushant Dinesh.

Copyright information

© 2016 Springer India

About this paper

Cite this paper

Dinesh, S., Rao, S., Chandrasekaran, K. (2016). Traceback: A Forensic Tool for Distributed Systems. In: Nagar, A., Mohapatra, D., Chaki, N. (eds) Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics. Smart Innovation, Systems and Technologies, vol 44. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2529-4_2

  • DOI: https://doi.org/10.1007/978-81-322-2529-4_2

  • Publisher Name: Springer, New Delhi

  • Print ISBN: 978-81-322-2528-7

  • Online ISBN: 978-81-322-2529-4

  • eBook Packages: Engineering, Engineering (R0)
