DocumentCode :
2665657
Title :
Architecture for multi-stage network attack traceback
Author :
Strayer, W. Timothy ; Jones, Christine E. ; Schwartz, Beverly I. ; Mikkelson, Joanne ; Livadas, Carl
Author_Institution :
BBN Technol., Cambridge, MA
fYear :
2005
fDate :
17-17 Nov. 2005
Lastpage :
785
Abstract :
Attacks can originate from anywhere in the network but there is little the network can tell operators about where the attacker is located. Packet traceback techniques have been proposed to find the source of one or more IP packets, but some attackers use multiple remote login sessions, or stepping stones, to increase obfuscation. IP packet traceback can only find the source of one of the several connections in the stepping stone connection chain. Stealthy tracing attackers research light trace (STARLITE) is a customization and significant extension to BBN's source path isolation engine (SPIE). The goal of STARLITE was to construct a prototype to integrate single packet traceback with stepping stone detection. The resulting prototype traces a packet to an ingress router, and then discovers if the flow of that packet is related to a flow in another connection. A successful correlation can then be continued until an ultimate source is located.
Keywords :
IP networks; telecommunication security; ingress router; multi-stage network attack traceback; packet traceback techniques; source path isolation engine; stealthy tracing attackers research light trace; Computer networks; IP networks; Internet; Intrusion detection; Protocols; Prototypes; Search engines;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Local Computer Networks, 2005. 30th Anniversary. The IEEE Conference on
Conference_Location :
Sydney, NSW
ISSN :
0742-1303
Print_ISBN :
0-7695-2421-4
Type :
conf
DOI :
10.1109/LCN.2005.33
Filename :
1550963