Abstract
The number of computer break-ins from the outside of an organization has increased with the rapid growth of the Internet. Since many intruders from the outside of an organization employ stepping stones, it is difficult to trace back where the real origin of the attack is. Some research projects have proposed tracing methods for DoS attacks and detecting method of stepping stones. It is still difficult to locate the origin of an attack that uses stepping stones. We have developed IDA (Instrussion Detection Agent system), which has an intrusion tracing mechanism in a LAN environment. In this paper, we improve the tracing mechanism so that it can trace back stepping stones attack in the Internet. In our method, the information about tracing stepping stone is collected from hosts in a LAN effectively, and the information is made available at the public information server. A pursuer of stepping stone attack can trace back the intrusion based on the information available at the public information server on an intrusion route.
| Original language | English |
|---|---|
| Pages (from-to) | 3104-3112 |
| Number of pages | 9 |
| Journal | IEICE Transactions on Communications |
| Volume | E84-B |
| Issue number | 12 |
| Publication status | Published - 2001 Dec |
Keywords
- Intrusion detection
- Network security
- Stepping stones
- Tracing intruders
ASJC Scopus subject areas
- Electrical and Electronic Engineering
- Computer Networks and Communications