Sciweavers

IJDE
2007

Session Based Packet Marking and Auditing for Network Forensics

13 years 11 months ago
Session Based Packet Marking and Auditing for Network Forensics
The widely acknowledged problem of reliably identifying the origin of network data has been the subject of many research works. Due to the nature of Internet Protocol, a source IP can be easily falsified which results in numerous problems, including the infamous denial of service attacks. In this paper, two light-weight novel approaches are proposed to solve this problem by providing simple and effective logging and IPTraceback mechanism: Session Based Packet Logging (SBL) and SYN Based Packet Marking (SYNPM). The contribution of these schemes lies in the fact that they are easy to be implemented with little overhead and are practical under sensitive privacy regulations, since they do not need to access detailed contents of each individual communication session. Currently, SBL and SYNPM approaches support only TCP sessions.
Omer Demir, Ping Ji, Jinwoo Kim
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2007
Where IJDE
Authors Omer Demir, Ping Ji, Jinwoo Kim
Comments (0)