Traceback Model for Identifying Sources of Distributed Attacks in Real Time
Locating sources of distributed attack is time-consuming; attackers are identified long after the attack is completed. This paper proposes a trackback model for identifying attackers and locating their distributed sources in real time. Attackers are identified by monitoring violations of malicious e...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Wiley
2016
|
Subjects: | |
Online Access: | http://umpir.ump.edu.my/id/eprint/12717/ http://umpir.ump.edu.my/id/eprint/12717/ http://umpir.ump.edu.my/id/eprint/12717/ http://umpir.ump.edu.my/id/eprint/12717/1/Traceback%20Model%20for%20Identifying%20Sources%20of%20Distributed%20Attacks%20In%20Real%20Time.pdf |
Summary: | Locating sources of distributed attack is time-consuming; attackers are identified long after the attack is completed. This paper proposes a trackback model for identifying attackers and locating their distributed sources in real time. Attackers are identified by monitoring violations of malicious end users on their bandwidth shares predefined in the service level agreement. Then, active connections of the malicious users are investigated to locate the host machines used as distributed sources of attack traffic. Mathematical model and simulation results demonstrate that the proposed model can reduce the required time for identifying malicious users and locating host machines used as the actual sources of attack packets |
---|