Title :
Forensic Analysis for Epidemic Attacks in Federated Networks
Author :
Xie, Yinglian ; Sekar, Vyas ; Reiter, Michael K. ; Zhang, Hui
Author_Institution :
Carnegie Mellon Univ., Pittsburgh, PA
Abstract :
We present the design of a Network Forensic Alliance (NFA), to allow multiple administrative domains (ADs) to jointly locate the origin of epidemic spreading attacks. ADs in the NFA collaborate in a distributed protocol for post-mortem analysis of worm-like attacks. Information exchange between any two participating ADs is limited to traffic records that are known to both sides, maintaining the privacy of participants. Such an architecture is incentive-compatible: participants benefit by gaining better local investigative capabilities, even with partial deployment. Further, we show that by sharing local investigation results, ADs can achieve global investigative capabilities that are comparable to a centralized implementation with access to global traffic records. Our evaluation demonstrates that it is feasible for large-scale attack investigation to be incrementally deployed in an Internet-like federation.
Keywords :
Internet; computer network management; data privacy; invasive software; protocols; telecommunication security; telecommunication traffic; Internet; administrative domain; data privacy; distributed protocol; epidemic spreading attack; federated network; information exchange; network forensic alliance; network traffic; post-mortem analysis; worm-like attack; Buildings; Collaboration; Forensics; IP networks; Internet; Large-scale systems; Privacy; Protocols; Search engines; Telecommunication traffic;
Conference_Title :
Network Protocols, 2006. ICNP '06. Proceedings of the 2006 14th IEEE International Conference on
Conference_Location :
Santa Barbara, CA
Print_ISBN :
1-4244-0593-9
Electronic_ISBN :
1-4244-0594-7
DOI :
10.1109/ICNP.2006.320197