Traceback Model for Identifying Sources of Distributed Attacks in Real Time

Locating sources of distributed attack is time-consuming; attackers are identified long after the attack is completed. This paper proposes a trackback model for identifying attackers and locating their distributed sources in real time. Attackers are identified by monitoring violations of malicious e...

Full description

Bibliographic Details
Main Authors: Ahmed, Abdulghani Ali, Sadiq, Ali Safa, Mohamad Fadli, Zolkipli
Format: Article
Language:English
Published: Wiley 2016
Subjects:
Online Access:http://umpir.ump.edu.my/id/eprint/12717/
http://umpir.ump.edu.my/id/eprint/12717/
http://umpir.ump.edu.my/id/eprint/12717/
http://umpir.ump.edu.my/id/eprint/12717/1/Traceback%20Model%20for%20Identifying%20Sources%20of%20Distributed%20Attacks%20In%20Real%20Time.pdf
Description
Summary:Locating sources of distributed attack is time-consuming; attackers are identified long after the attack is completed. This paper proposes a trackback model for identifying attackers and locating their distributed sources in real time. Attackers are identified by monitoring violations of malicious end users on their bandwidth shares predefined in the service level agreement. Then, active connections of the malicious users are investigated to locate the host machines used as distributed sources of attack traffic. Mathematical model and simulation results demonstrate that the proposed model can reduce the required time for identifying malicious users and locating host machines used as the actual sources of attack packets