Digital Forensics and Cyber Crime. Second International ICST Conference, ICDF2C 2010, Abu Dhabi, United Arab Emirates, October 4-6, 2010, Revised Selected Papers

Research Article

An IP Traceback Model for Network Forensics

  • @INPROCEEDINGS{10.1007/978-3-642-19513-6_11,
        author={Emmanuel Pilli and R. Joshi and Rajdeep Niyogi},
        title={An IP Traceback Model for Network Forensics},
        proceedings={Digital Forensics and Cyber Crime. Second International ICST Conference, ICDF2C 2010, Abu Dhabi, United Arab Emirates, October 4-6, 2010, Revised Selected Papers},
        proceedings_a={ICDF2C},
        year={2012},
        month={5},
        keywords={network forensics traceback DPM AS attack attribution},
        doi={10.1007/978-3-642-19513-6_11}
    }
    
  • Emmanuel Pilli
    R. Joshi
    Rajdeep Niyogi
    Year: 2012
    An IP Traceback Model for Network Forensics
    ICDF2C
    Springer
    DOI: 10.1007/978-3-642-19513-6_11
Emmanuel Pilli¹,*, R. Joshi¹,*, Rajdeep Niyogi¹,*
  • ¹: Indian Institute of Technology Roorkee
*Contact email: emshudec@iitr.ernet.in, rcjosfec@iitr.ernet.in, rajdpfec@iitr.ernet.in

Abstract

Network forensics deals with the capture, recording, analysis and investigation of network traffic to trace back the attackers. Its ultimate goal is to provide sufficient evidence to allow the perpetrator to be prosecuted. IP traceback is an important aspect of the investigation process, where the real attacker is identified by tracking the source address of the attack packets. In this paper we classify the various approaches to network forensics to list the requirements of the traceback. We propose a novel model for traceback based on autonomous systems (AS) and deterministic packet marking (DPM) to enable traceback even with a single packet. The model is analyzed against various evaluation metrics. The traceback solution will be a major step in the direction of attack attribution and investigation.