
Forensic analysis for epidemic attacks in federated networks

Publication, Conference
Xie, Y; Sekar, V; Reiter, MK; Zhang, H
Published in: Proceedings - International Conference on Network Protocols, ICNP
December 1, 2006

We present the design of a Network Forensic Alliance (NFA), to allow multiple administrative domains (ADs) to jointly locate the origin of epidemic spreading attacks. ADs in the NFA collaborate in a distributed protocol for post-mortem analysis of worm-like attacks. Information exchange between any two participating ADs is limited to traffic records that are known to both sides, maintaining the privacy of participants. Such an architecture is incentive-compatible - participants benefit by gaining better local investigative capabilities, even with partial deployment. Further, we show that by sharing local investigation results, ADs can achieve global investigative capabilities that are comparable to a centralized implementation with access to global traffic records. Our evaluation demonstrates that it is feasible for large-scale attack investigation to be incrementally deployed in an Internet-like federation. © 2006 IEEE.

Published In

Proceedings - International Conference on Network Protocols, ICNP

DOI

10.1109/ICNP.2006.320197

ISSN

1092-1648

Publication Date

December 1, 2006

Start / End Page

43 / 53
 

Citation

APA: Xie, Y., Sekar, V., Reiter, M. K., & Zhang, H. (2006). Forensic analysis for epidemic attacks in federated networks. In Proceedings - International Conference on Network Protocols, ICNP (pp. 43–53). https://doi.org/10.1109/ICNP.2006.320197

Chicago: Xie, Y., V. Sekar, M. K. Reiter, and H. Zhang. “Forensic analysis for epidemic attacks in federated networks.” In Proceedings - International Conference on Network Protocols, ICNP, 43–53, 2006. https://doi.org/10.1109/ICNP.2006.320197.

ICMJE: Xie Y, Sekar V, Reiter MK, Zhang H. Forensic analysis for epidemic attacks in federated networks. In: Proceedings - International Conference on Network Protocols, ICNP. 2006. p. 43–53.

MLA: Xie, Y., et al. “Forensic analysis for epidemic attacks in federated networks.” Proceedings - International Conference on Network Protocols, ICNP, 2006, pp. 43–53. Scopus, doi:10.1109/ICNP.2006.320197.

NLM: Xie Y, Sekar V, Reiter MK, Zhang H. Forensic analysis for epidemic attacks in federated networks. Proceedings - International Conference on Network Protocols, ICNP. 2006. p. 43–53.
