On Intrusion Source Identification

J. Kim, S. Radhakrishnan, and S.K. Dhall (USA)

Keywords

Intrusion detection, traceback, routing, network forensics, fault detection

Abstract

There has been a growing interest in the design and development of intrusion detection systems for the Internet. One of the goals of these systems is to detect the source(s) of attack. Based on the position of the victim, our scheme selects only a small fraction of routers to monitor the traffic to identify packets that bear the signatures of the attack packets. From the information provided by these chosen routers, the network is pruned and another set of routers is chosen to identify the source of attack, until the source router is detected. All this takes O(log n) steps, where n is the number of terminal nodes (routers) (defined in the text) in the network.

Important Links:



Go Back