Title
Forensic Analysis for Epidemic Attacks in Federated Networks
Abstract
We present the design of a Network Forensic Alliance (NFA), to allow multiple administrative domains (ADs) to jointly locate the origin of epidemic spreading attacks. ADs in the NFA collaborate in a distributed protocol for post-mortem analysis of worm-like attacks. Information exchange between any two participating ADs is limited to traffic records that are known to both sides, maintaining the privacy of participants. Such an architecture is incentive-compatible: participants benefit by gaining better local investigative capabilities, even with partial deployment. Further, we show that by sharing local investigation results, ADs can achieve global investigative capabilities that are comparable to a centralized implementation with access to global traffic records. Our evaluation demonstrates that it is feasible for large-scale attack investigation to be incrementally deployed in an Internet-like federation.
Year: 2006
DOI: 10.1109/ICNP.2006.320197
Venue: ICNP
Keywords: epidemic attacks, federated networks, internet-like federation, local investigation results, network forensic alliance, information exchange, forensic analysis, centralized implementation, traffic record, large-scale attack investigation, global investigative capability, access to global traffic record, local investigative capability, internet, network forensics, data privacy, incentive compatibility, protocols
Field: Computer network management, Administrative domain, Architecture, Software deployment, Computer science, Computer security, Information exchange, Telecommunication security, Computer network, Information privacy, The Internet
DocType: Conference
ISBN: 1-4244-0593-9
Citations: 19
PageRank: 1.00
References: 15
Authors: 4
Name, Order, Citations, PageRank
Yinglian Xie, 1, 1140, 76.73
Vyas Sekar, 2, 3535, 182.12
Michael K. Reiter, 3, 8695, 764.03
Hui Zhang, 4, 8856, 1002.58