http://dx.doi.org/10.3745/KIPSTC.2006.13C.1.011

Design an Algorithm Matching TCP Connection Pairs for Intruder Traceback  

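Kang Hyung-Woo (National Security Research Institute, affiliated with ETRI)
Hong Soon-Jwa (National Security Research Institute, affiliated with ETRI)
Lee Dong-Hoon (Department of Computer Science, Korea University)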
Abstract
In the field of network defense, much research is directed toward locating the source of network attacks. When an intruder launches an attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. We focus on connection traceback in this paper. This paper classifies the process structures of detoured attack types in a stepping stone, designs an algorithm for a traceback agent, and implements a traceback system based on the agent.
Keywords
Traceback; Stepping Stone; Detoured Attack; Backdoor