Abstract | ||
---|---|---|
We present the design of a Network Forensic Alliance (NFA), to allow multiple administrative domains (ADs) to jointly locate the origin of epidemic spreading attacks. ADs in the NFA collaborate in a distributed protocol for post-mortem analysis of worm-like attacks. Information exchange between any two participating ADs is limited to traffic records that are known to both sides, maintaining the privacy of participants. Such an architecture is incentive-compatible: participants benefit by gaining better local investigative capabilities, even with partial deployment. Further, we show that by sharing local investigation results, ADs can achieve global investigative capabilities that are comparable to a centralized implementation with access to global traffic records. Our evaluation demonstrates that it is feasible for large-scale attack investigation to be incrementally deployed in an Internet-like federation. |
Year | DOI | Venue |
---|---|---|
2006 | 10.1109/ICNP.2006.320197 | ICNP |
Keywords | Field | DocType |
epidemic attacks,federated networks,internet-like federation,local investigation results,network forensic alliance,information exchange,forensic analysis,centralized implementation,traffic record,large-scale attack investigation,global investigative capability,access to global traffic record,local investigative capability,internet,network forensics,data privacy,incentive compatibility,protocols | Computer network management,Administrative domain,Architecture,Software deployment,Computer science,Computer security,Information exchange,Telecommunication security,Computer network,Information privacy,The Internet | Conference |
ISBN | Citations | PageRank |
1-4244-0593-9 | 19 | 1.00 |
References | Authors | |
15 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yinglian Xie | 1 | 1140 | 76.73 |
Vyas Sekar | 2 | 3535 | 182.12 |
Michael K. Reiter | 3 | 8695 | 764.03 |
Hui Zhang | 4 | 8856 | 1002.58 |