Research Article
Studying Non-intrusive Tracing in the Internet
@INPROCEEDINGS{10.1007/978-3-642-29222-4_5, author={Alina Olteanu and Yang Xiao and Jing Liu and Thomas Chen}, title={Studying Non-intrusive Tracing in the Internet}, proceedings={Quality, Reliability, Security and Robustness in Heterogeneous Networks. 7th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, QShine 2010, and Dedicated Short Range Communications Workshop, DSRC 2010, Houston, TX, USA, November 17-19, 2010, Revised Selected Papers}, proceedings_a={QSHINE}, year={2012}, month={10}, keywords={Security Tracing Thumbprinting}, doi={10.1007/978-3-642-29222-4_5} }- Alina Olteanu
Yang Xiao
Jing Liu
Thomas Chen
Year: 2012
Studying Non-intrusive Tracing in the Internet
QSHINE
Springer
DOI: 10.1007/978-3-642-29222-4_5
Abstract
Intruders which log-in through a series of machines when conducting an attack are hard to trace because of the complex architecture of the Internet. The thumbprinting method provides an efficient way to tracing such intruders by determining whether two connections are part of the same connection chain. Since many connections are transient, and therefore short in length, choosing the best time interval to thumbprint over can be an issue. In this paper, we provide a way to shorten the time interval used for thumbprinting. We then study some special properties of the thumbprinting function. We also study another mechanism for tracing intruders in the Internet, based on a timestamping approach of passively monitoring flows between source and destination pairs. Given a potentially suspicious source, we identify the true destination of this source. We compute the error probability of our algorithm and show that its value decreases exponentially as the observation time increases. Our simulation results show that our approach performs well.
