Title :
Attack attribution in non-cooperative networks
Author :
Cohen, Donald ; Narayanaswamy, K.
Author_Institution :
Cs3 Inc., Los Angeles, CA, USA
Abstract :
This paper reports on preliminary research concepts in attack attribution that have been developed in Cs3´s project being conducted for advanced research and development activity (ARDA). The ARDA BAA identified 4 levels of attribution: level 1: attribution to the specific hosts involved in the attack; level 2: attribution to the primary controlling host; level 3: attribution to the actual human actor; level 4: attribution to an organization with the specific intent to attack. Cs3´s research specifically focuses on attribution in situations where universal cooperation is not available for the attribution effort. This paper describes research concepts that show promise in resolving the level 1 attribution problem. The name of the project is Systematically Tracking Attackers through Routing Data, Events, and Communication Knowledge (STARDECK).
Keywords :
IP networks; authorisation; packet switching; telecommunication network routing; attack attribution tracking; noncooperative network; Condition monitoring; Contracts; Filtering; Floods; Humans; Intelligent networks; Internet; Research and development; Routing; Telecommunication traffic;
Conference_Titel :
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN :
0-7803-8572-1
DOI :
10.1109/IAW.2004.1437851
