Nonintrusive tracing in the Internet
Version of Record online: 25 SEP 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 6, Issue 7, pages 833–843, July 2013
How to Cite
Olteanu, A., Xiao, Y., Liu, J., Chen, T. M. and Chen, C. L. P. (2013), Nonintrusive tracing in the Internet. Security Comm. Networks, 6: 833–843. doi: 10.1002/sec.616
- Issue online: 21 JUN 2013
- Version of Record online: 25 SEP 2012
- U.S. National Science Foundation. Grant Numbers: CNS-0716211, CCF-0829827, CNS-0737325, CNS-1059265
Intruders that log in through a series of machines when conducting an attack are hard to trace because of the complex architecture of the Internet. The thumbprinting method provides an efficient way of tracing such intruders by determining whether two connections are part of the same connection chain. Because many connections are transient and therefore short in length, choosing the best time interval to thumbprint over can be an issue. In this paper, we provide a way to shorten the time interval used for thumbprinting. We then study some special properties of the thumbprinting function. We also study another mechanism for tracing intruders in the Internet based on a timestamping approach, which passively monitors flows between source and destination pairs. Given a potentially suspicious source, we identify its true destination. We compute the error probability of our algorithm and show that its value decreases exponentially as the observation time increases. Our simulation results show that our approach performs well. Copyright © 2012 John Wiley & Sons, Ltd.