Research Article
An IP Traceback Model for Network Forensics
@INPROCEEDINGS{10.1007/978-3-642-19513-6_11,
  author={Emmanuel Pilli and R. Joshi and Rajdeep Niyogi},
  title={An IP Traceback Model for Network Forensics},
  proceedings={Digital Forensics and Cyber Crime. Second International ICST Conference, ICDF2C 2010, Abu Dhabi, United Arab Emirates, October 4-6, 2010, Revised Selected Papers},
  proceedings_a={ICDF2C},
  year={2012},
  month={5},
  keywords={network forensics traceback DPM AS attack attribution},
  doi={10.1007/978-3-642-19513-6_11}
}
- Emmanuel Pilli
- R. Joshi
- Rajdeep Niyogi
Year: 2012
ICDF2C
Springer
DOI: 10.1007/978-3-642-19513-6_11
Abstract
Network forensics deals with the capture, recording, analysis and investigation of network traffic to trace back the attackers. Its ultimate goal is to provide sufficient evidence to allow the perpetrator to be prosecuted. IP traceback is an important aspect of the investigation process, in which the real attacker is identified by tracking the source address of the attack packets. In this paper we classify the various approaches to network forensics to list the requirements of the traceback. We propose a novel model for traceback based on autonomous systems (AS) and deterministic packet marking (DPM) to enable traceback even with a single packet. The model is analyzed against various evaluation metrics. The traceback solution will be a major step in the direction of attack attribution and investigation.