Architecture for Multi-Stage Network Attack Traceback

Sydney, Australia November 15-November 17

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/LCN.2005.33

The IEEE Conference on Local Computer ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by W. Timothy Strayer Articles by Christine E. Jones Articles by Beverly I. Schwartz

	ASCII Text	x
	W. Timothy Strayer, Christine E. Jones, Beverly I. Schwartz, "Architecture for Multi-Stage Network Attack Traceback," Local Computer Networks, Annual IEEE Conference on, pp. 776-785, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l, 2005.

	BibTex	x
	@article{ 10.1109/LCN.2005.33, author = {W. Timothy Strayer and Christine E. Jones and Beverly I. Schwartz}, title = {Architecture for Multi-Stage Network Attack Traceback}, journal ={Local Computer Networks, Annual IEEE Conference on}, volume = {0}, year = {2005}, issn = {0742-1303}, pages = {776-785}, doi = {http://doi.ieeecomputersociety.org/10.1109/LCN.2005.33}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Local Computer Networks, Annual IEEE Conference on TI - Architecture for Multi-Stage Network Attack Traceback SN - 0742-1303 SP776 EP785 A1 - W. Timothy Strayer, A1 - Christine E. Jones, A1 - Beverly I. Schwartz, PY - 2005 KW - null VL - 0 JA - Local Computer Networks, Annual IEEE Conference on ER -

W. Timothy Strayer, BBN Technologies

Christine E. Jones, BBN Technologies

Beverly I. Schwartz, BBN Technologies

Attacks can originate from anywhere in the network but there is little the network can tell operators about where the attacker is located. Packet traceback techniques have been proposed to find the source of one or more IP packets, but some attackers use multiple remote login sessions, or stepping stones, to increase obfuscation. IP packet traceback can only find the source of one of the several connections in the stepping stone connection chain.

Stealthy Tracing Attackers Research Light TracE (STARLITE) is a customization and significant extension to BBN?s Source Path Isolation Engine (SPIE.) The goal of STARLITE was to construct a prototype to integrate single packet traceback with stepping stone detection. The resulting prototype traces a packet to an ingress router, and then discovers if the flow of that packet is related to a flow in another connection. A successful correlation can then be continued until an ultimate source is located.

Citation:

W. Timothy Strayer, Christine E. Jones, Beverly I. Schwartz, "Architecture for Multi-Stage Network Attack Traceback," lcn, pp.776-785, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l, 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.