Quality, Reliability, Security and Robustness in Heterogeneous Networks. 7th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, QShine 2010, and Dedicated Short Range Communications Workshop, DSRC 2010, Houston, TX, USA, November 17-19, 2010, Revised Selected Papers

Research Article

Studying Non-intrusive Tracing in the Internet

Download
419 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-29222-4_5,
        author={Alina Olteanu and Yang Xiao and Jing Liu and Thomas Chen},
        title={Studying Non-intrusive Tracing in the Internet},
        proceedings={Quality, Reliability, Security and Robustness in Heterogeneous Networks. 7th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, QShine 2010, and Dedicated Short Range Communications Workshop, DSRC 2010, Houston, TX, USA, November 17-19, 2010, Revised Selected Papers},
        proceedings_a={QSHINE},
        year={2012},
        month={10},
        keywords={Security Tracing Thumbprinting},
        doi={10.1007/978-3-642-29222-4_5}
    }
    
  • Alina Olteanu
    Yang Xiao
    Jing Liu
    Thomas Chen
    Year: 2012
    Studying Non-intrusive Tracing in the Internet
    QSHINE
    Springer
    DOI: 10.1007/978-3-642-29222-4_5
Alina Olteanu1,*, Yang Xiao1,*, Jing Liu1,*, Thomas Chen2,*
  • 1: University of Alabama
  • 2: Swansea University
*Contact email: aolteanu@cs.ua.edu, yangxiao@ieee.org, jliu39@crimson.ua.edu, t.m.chen@swansea.ac.uk

Abstract

Intruders which log-in through a series of machines when conducting an attack are hard to trace because of the complex architecture of the Internet. The thumbprinting method provides an efficient way to tracing such intruders by determining whether two connections are part of the same connection chain. Since many connections are transient, and therefore short in length, choosing the best time interval to thumbprint over can be an issue. In this paper, we provide a way to shorten the time interval used for thumbprinting. We then study some special properties of the thumbprinting function. We also study another mechanism for tracing intruders in the Internet, based on a timestamping approach of passively monitoring flows between source and destination pairs. Given a potentially suspicious source, we identify the true destination of this source. We compute the error probability of our algorithm and show that its value decreases exponentially as the observation time increases. Our simulation results show that our approach performs well.