1 |
Using Probing Packets to Repair The Incomplete IP Traceback
Huang, Ming-Cheng, 23 June 2004
This paper proposes an enhancement of probabilistic packet marking (PPM), which is used to trace back a DoS attacker. Our work is based on the probabilistic packet marking algorithm by Savage [1], in which an attack graph can be reconstructed by the victim site. Furthermore, we discuss routers on the attack path that do not support PPM, called non-PPM routers. We use an algorithm to recover one or two successive non-PPM routers, and we recover three or four successive non-PPM routers by using the IP RR (record routing) option. Where five or more successive non-PPM routers lie between two PPM routers, we discuss Loose Source Routing, which records all traversed IP addresses in the IP header. The temp table records the edges produced by the proposed algorithm, and the hop table records which path a packet came from. Before the PPM system runs, routers send the probe packets proposed above to recover the incomplete attack path.
|
2 |
A method to enhance the accuracy of digital forensics in the absence of complete evidence in Saudi Arabia
Alanazi, Fahad Mosalm, January 2017
The tremendous increase in the use of digital devices has led to their involvement in the vast majority of current criminal investigations. As a result, digital forensics has increasingly become one of the most important aspects of criminal investigations. The digital forensics process involves consideration of a number of important phases in order to achieve the required level of accuracy and to reach a successful conclusion of the investigation into the digital aspects of crimes, through obtaining acceptable evidence for use in a court of law. There have been a number of models developed and produced since 1984 to support the digital investigation processes. In this submission, I introduce a proposed model for the digital investigation processes which is based on the scope of the Saudi Arabia investigation process, which has been integrated with existing models of digital investigation processes and has produced a new phase to deal with a situation where there is insufficient evidence. In this research, grounded theory has been adopted as a research method to investigate and explore the participants’ perspectives and their opinions regarding the adoption of a method of a digital forensics investigation process in the absence of complete evidence in the Saudi Arabian context. The interaction of investigators with digital forensics processes involves the social aspect of digital investigation, which is why it was suitable to adopt a grounded theory approach. A semi-structured data collection approach has been adopted, to enable the participants to express their visions, concerns, opinions and feelings related to factors that impact the adoption of the DF model for use in cases where there is an absence of sufficient evidence in Saudi Arabia. The proposed model emerged after conducting a number of interviews and analysing the data of this research.
The researcher developed the proposed model based on the answers of the participants, which helped the researcher to find a solution for dealing with cases where there is insufficient evidence, through adding a unique step in the investigation process, the “TraceBack” Phase. This study is the first in Saudi Arabia to be developed to enhance the accuracy of digital forensics in the absence of sufficient evidence, which opens a new method of research. It is also the first time grounded theory has been employed in a digital forensics study in the Saudi context, which indicates the possibility of applying this methodology to this field.
|
3 |
Denial of Service Traceback: an Ant-Based Approach
Yang, Chia-Ru, 14 July 2005
Denial-of-Service (DoS) attacks that use source IP address spoofing techniques have become a major threat to the Internet. An intrusion detection system is often used to detect DoS attacks and to coordinate with the firewall to block them. However, DoS attack packets consume and may exhaust all the resources, causing degraded network performance or, even worse, network breakdown. A proactive approach to DoS attacks is locating the original attack host(s) issuing the attacks and stopping the malicious traffic, instead of wasting resources on the attack traffic.
In this research, an ant-based traceback approach is proposed to identify the DoS attack origin. Instead of requiring a new type or function in the router or processing high-volume, fine-grained data, the proposed traceback approach uses flow-level information to spot the origin of a DoS attack.
Two characteristics of the ant algorithm, quick convergence and heuristics, are adopted in the proposed approach to find the DoS attack path. Quick convergence efficiently finds the origin of a DoS attack; the heuristic gives a solution even when only partial flow information is provided by the network.
The proposed method is validated and evaluated through preliminary experiments and simulations of various network environments generated with the network simulator NS-2. The simulation results show that the proposed method can successfully and efficiently find the DoS attack path in various simulated network environments, with full and partial flow information provided by the network.
|
4 |
Hospital Based Traceback of Ovarian Cancer Patients: a Feasibility Study
Weinmann, Simone Marin, January 2021
No description available.
|
5 |
Data-Link Layer Traceback in Ethernet Networks
Snow, Michael Thomas, 07 December 2006
The design of the most commonly-used Internet and Local Area Network protocols provides no way of verifying that the sender of a packet is who it claims to be. Protocols and applications exist that provide authentication but these are generally for special use cases. A malicious host can easily launch an attack while pretending to be another host to avoid being discovered. At worst, the behavior may implicate a legitimate host causing it and the user to be kicked off the network. A malicious host may further conceal its location by sending the attack packets from one or more remotely-controlled hosts. Current research has provided techniques to support traceback, the process of determining the complete attack path from the victim back to the attack coordinator. Most of this research focuses on IP traceback, from the victim through the Internet to the edge of the network containing the attack packet source, and Stepping-Stone traceback, from source to the host controlling the attack. However, little research has been conducted on the problem of Data-Link Layer Traceback (DLT), the process of tracing frames from the network edge to the attack source, across what is usually a layer-2 network. We propose a scheme called Tagged-fRAme tracebaCK (TRACK) that provides a secure, reliable DLT technique for Ethernet networks. TRACK defines processes for Ethernet switches and a centralized storage and lookup host. As a frame enters a TRACK-enabled network, a tag is added indicating the switch and port on which the frame entered the network. This tag is collected at the network edge for later use in the traceback operation. An authentication method is defined to prevent unauthorized entities from generating or modifying tag data. Simulation results indicate that TRACK provides accurate DLT operation while causing minimal impact on network and application performance. / Master of Science
|
6 |
PERFORMANCE EVALUATION OF A TTL-BASED DYNAMIC MARKING SCHEME IN IP TRACEBACK
Devasundaram, Shanmuga Sundaram, January 2006
No description available.
|
7 |
Denial of Service attacks: path reconstruction for IP traceback using Adjusted Probabilistic Packet Marking
Dube, Raghav, 17 February 2005
The use of Internet has revolutionized the way information is exchanged, changed business paradigms and put mission critical and sensitive systems online. Any disruption of this connectivity and the plethora of services provided results in significant damages to everyone involved. Denial of Service (DoS) attacks are becoming increasingly common and are the cause of lost time and revenue.
Flooding type DoS attacks use spoofed IP addresses to disguise the attackers. This makes identification of the attackers extremely difficult. This work proposes a new scheme that allows the victim of a DoS attack to identify the correct origin of the malicious traffic. The suggested mechanism requires routers to mark packets using adjusted probabilistic marking. This results in a lower number of packet-markings required to identify the traffic source. Unlike many related works, we use the existing IPv4 header structure to incorporate these markings. We simulate and test our algorithms using real Internet trace data to show that our technique is fast, and works successfully for a large number of distributed attackers.
|
8 |
The Research of Network Security in IP Traceback
Tseng, Yu-kuo, 29 September 2004
With the dramatic expansion of computers and communication networks, computer crimes, such as threatening letters, fraud, and theft of intellectual property have been growing at a dreadful rate. The increasing frequency of malicious computer attacks on government agencies and Internet businesses has caused severe economic waste and unique social threats. The problems of protecting data and information on computers and communication networks have become even more critical and challenging since the widespread adoption of the Internet and the Web. Consequently, it is very urgent to design an integrated network-security architecture so as to make information safer, proactively or reactively defeat any network attack, make attackers accountable, and help the law enforcement system to collect forensic evidence.
Among a variety of attacks on computer servers or communication networks, a prevalent, famous, and serious network-security subject is known as "Denial of Service" (DoS) or "Distributed Denial of Service" (DDoS) attacks. According to an investigation on computer crime conducted by CSI/FBI in 2003, Internet DoS/DDoS have increased in frequency, severity, and sophistication, and have drawn international attention to the vulnerability of the Internet.
DoS/DDoS attacks consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Such attacks are among the hardest security problems to address because they are simple to implement, difficult to prevent, and very difficult to trace. Therefore, this dissertation will firstly concentrate on how to resolve these troublesome DoS/DDoS problems. This is considered as the first step to overcome generic network security problems, and to achieve the final goal for accomplishing a total solution of network security.
Instead of tolerating DoS/DDoS attacks by mitigating their effect, to trace back the attacking source for eliminating the attacker is an aggressive and better approach. However, it is difficult to find out the true attacking origin by utilizing the incorrect source IP address faked by the attacker.
Accordingly, this dissertation will aim at conquering this representative network security problem, i.e. DoS/DDoS attacks, with IP traceback, and designing an optimal IP traceback. IP traceback, the ability to trace IP packets to their origins, is a significant step toward identifying, and thus stopping, attackers. A promising solution to the IP traceback is probabilistic packet marking (PPM). This traceback approach can be applied during or after an attack, and it does not require any additional network traffic, router storage, or packet size increase. Therefore, the IP traceback research on countering DoS/DDoS attacks will be based on PPM scheme. In this dissertation, three outstanding improvements among four PPM criteria (the convergency, the computational overhead, and the incomplete PPM deployment problem) have been achieved.
PPM-NPC is proposed to improve the PPM convergency and computational overhead. With non-preemptive compensation, the probability of each marked packet arriving at the victim equals its original marking probability. Therefore, PPM-NPC will efficiently achieve the optimal convergent situation by simply utilizing a 2-byte integer counter. Another better scheme, CPPM, is also proposed, such that the marked packets can be fully compensated as well while they are remarked. With CPPM, the probability of each marked packet arriving at the victim will also equal its original marking probability. Consequently, CPPM will achieve the optimal convergent situation efficiently as well.
Furthermore, RPPM-NPC is presented to advance the accuracy of a reconstructed path in an incomplete PPM deployment environment by correcting and recovering any discontinuous individual transparent router and any segment of consecutive double transparent routers. This scheme may also reduce the deployment overhead without requiring the participation of all routers on the attack path.
Apart from these improved criteria, PPM robustness, some weak assumptions in PPM, and a few unsolved problems for PPM, e.g. reflective DDoS attacks, will also be improved in the future. It would also be interesting to combine other network security research, such as IDS, system access control mechanisms, etc., to construct a more complete network security architecture.
Therefore, this research hereby is done in order to completely resolve the troublesome flood-style DoS/DDoS problems, and as the basis for accomplishing a total solution of network security.
|
9 |
A Usage-Based Approach to Pattern Finding: The Traceback Method Meets Code-Mixing
Endesfelder Quick, Antje; Backus, Ad, 28 September 2023
Usage-based approaches have become increasingly important in research on language acquisition and recently also in bilingual first language acquisition. Lexically specific patterns, such as What’s this? and frame-and-slot patterns, such as [I want X] play an important role in language acquisition scenarios. The ubiquity of such conventionalized chunks and frame-and-slot patterns supports the idea that children construct their early utterances out of concrete pieces they have heard and stored before. To investigate the emergence of patterns in children’s speech the traceback method has been developed, which accounts for the composition of utterances by relying on previously acquired material. Recently, the traceback method has also been applied to code-mixed utterances in bilingual children testing the assumption that bilingual utterances are structured around a frame-and-slot pattern in which the open slot is filled by (a) word(s) from the other language, e.g., [where is X] as in where is das feuer ‘where is the fire’. In this paper we want to present how the empirical use of the traceback method, and the general adoption of a usage-based theoretical perspective, can shed new light on the study of bilingual phenomena, such as code-mixing.
|
10 |
The traceback method and the early constructicon: theoretical and methodological considerations
Koch, Nikolas; Hartmann, Stefan; Endesfelder Quick, Antje, 01 October 2024
Usage-based approaches assume that children’s early utterances are item-based. This has been demonstrated in a number of studies using the traceback method. In this approach, a small amount of “target utterances” from a child language corpus is “traced back” to earlier utterances. Drawing on a case study of German, this paper provides a critical evaluation of the method from a usage-based perspective. In particular, we check how factors inherent to corpus data as well as methodological choices influence the results of traceback studies. To this end, we present four case studies in which we change thresholds and the composition of the main corpus, use a cross-corpus approach tracing one child’s utterances back to another child’s corpus, and reverse and randomize the target utterances. Overall, the results show that the method can provide interesting insights—particularly regarding different pathways of language acquisition—but they also show the limitations of the method.
|