Sciweavers

IWCMC
2010
ACM

Reconstruction of malicious internet flows

14 years 4 months ago
Reconstruction of malicious internet flows
We describe a general-purpose distributed system capable of traceback of malicious flow trajectories in the wide area despite possible source IP spoofing. Our system requires the placement of agents on a subset of the inter-autonomous system (AS) links of the Internet. Agents are instrumented with a uniform notion of attack criterion. Deployed, these agents implement a self-organizing, decentralized mechanism that is capable of reconstructing topological and temporal information about malicious flows. For example, when the attack criterion is taken to be based on excessive TCP connection establishment traffic to a destination, the system becomes a traceback service for distributed denial of service (DDoS) attacks. As another special case, when the attack criterion is taken to be based on malicious payload signature match as defined by an intrusion detection system (IDS), the agents provide a service for tracing malware propagation pathways. The main contribution of this paper, is ...
Omer Demir, Bilal Khan, Ala I. Al-Fuqaha
Added 10 Jul 2010
Updated 10 Jul 2010
Type Conference
Year 2010
Where IWCMC
Authors Omer Demir, Bilal Khan, Ala I. Al-Fuqaha
Comments (0)